umbral | release05262024[.]exe | Triage

Sharing

General

Target

release05262024.exe
Size

234KB
MD5

550cecea767138fcf54daabc6af64ff1
SHA1

1b63a5be8367b98d68a3cb190542b65084c22fdb
SHA256

ea94a87b1828d33c0fd1b075ecfdf3cde3856c3b3f173f10c4618e306f1970f8
SHA512

41f94f4845608311908e3abf8640fa9745d368289163304d6759cbf9a94894c3256ce0159b7fb3b612f6cc5432d34ae4571174ace831fa4bd0b3ebe1426ddf3b
SSDEEP

6144:XloZM+rIkd8g+EtXHkv/iD4ZgdtNbYMTvqL9Y0hZOb8e1mXzi4:1oZtL+EP8ZgdtNbYMTvqL9Y0hc6e

Score

10^/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1244362891965108275/HXo_OfDdkDwqqtf7tglmVMtmcg4QClHYML_rbnuo7qbYcs2iHQmI11WQc3h41CQ931IZ

Signatures

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Umbral family
umbral
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

release05262024.exe

Files

release05262024.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ