General

  • Target

    Copped.exe

  • Size

    434KB

  • MD5

    61eb747d9aca2e32df170bfe5cd278ed

  • SHA1

    e7086ca9616727f0d612c12e5e19200f98b35b26

  • SHA256

    2902b2d11793853c4ca9a23168b421afed4aacf0f345cc7ba955b2ae9cd61605

  • SHA512

    6ea3dffbfb9071c506affd7b1c6f4cc3d6c911775b4df31adb8f25c75d99f536c67fcdddf4d107d1f6e969d6155fef738015d756ed8b936ca7f354ba554a8952

  • SSDEEP

    12288:xoZZL+EP8MzMQQWRJ6TvSgR1ExP42u9ODA53:zI86MQQWRJ6TvSgR1Ext

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1250906915148660757/n5kTt2muM1UsIJ3KdGNFsQoNfCd6iKdJbNs1XwVdH3VTtaQoX95hDgA6iAiDVU0OKiKV
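The C2 above is a Discord webhook, so the "server" is a Discord channel and the webhook ID (the first path component) is a Discord snowflake whose top bits encode when the webhook was created. The script below is an added example, not part of the sandbox output: it scans a byte blob (a memory dump or unpacked payload) for webhook URLs in both ASCII and UTF-16LE, the string encoding many Windows binaries use, and decodes the snowflake into its creation time. The blob it scans is constructed sample data embedding the webhook from this config; the code never contacts the URL. The host alternatives in the regex (discord.com, discordapp.com, ptb/canary subdomains) are assumed common forms, not something the report states.

```python
import re
import sys
from datetime import datetime, timezone

# Discord's snowflake epoch: 2015-01-01T00:00:00Z, in milliseconds.
DISCORD_EPOCH_MS = 1_420_070_400_000

# Webhook URL as it appears in the extracted config (sample input only).
SAMPLE_WEBHOOK = (
    "https://discord.com/api/webhooks/1250906915148660757/"
    "n5kTt2muM1UsIJ3KdGNFsQoNfCd6iKdJbNs1XwVdH3VTtaQoX95hDgA6iAiDVU0OKiKV"
)

# Constructed stand-in for a memory dump: the URL once as ASCII and once as
# UTF-16LE, surrounded by junk bytes. Not taken from the real sample.
SAMPLE_BLOB = (
    b"\x00\x90MZ\x00junk" + SAMPLE_WEBHOOK.encode("ascii") + b"\x00\xff"
    + SAMPLE_WEBHOOK.encode("utf-16-le") + b"\x00\x00trailer"
)

# Assumed URL shape: 17-20 digit snowflake id, 60-80 char url-safe token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{60,80})"
)


def decode_snowflake(snowflake: int) -> dict:
    """Split a Discord snowflake into its documented fields."""
    ts_ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    created = datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
    return {
        "timestamp_ms": ts_ms,
        "created_utc": created.isoformat(timespec="seconds"),
        "worker_id": (snowflake >> 17) & 0x1F,
        "process_id": (snowflake >> 12) & 0x1F,
        "increment": snowflake & 0xFFF,
    }


def extract_webhooks(blob: bytes) -> list:
    """Find Discord webhook URLs stored as 8-bit or UTF-16LE strings."""
    found = {}  # url -> set of encodings it was seen in
    # latin-1 maps every byte to one code point, so ASCII strings survive
    # and the search never fails on non-UTF-8 bytes.
    for m in WEBHOOK_RE.finditer(blob.decode("latin-1")):
        found.setdefault(m.group(0), set()).add("ascii")
    # UTF-16LE strings can start at either byte alignment; decode both
    # views and drop undecodable pairs instead of aborting.
    for shift in (0, 1):
        text = blob[shift:].decode("utf-16-le", errors="ignore")
        for m in WEBHOOK_RE.finditer(text):
            found.setdefault(m.group(0), set()).add("utf-16le")
    results = []
    for url, encodings in found.items():
        m = WEBHOOK_RE.fullmatch(url)
        webhook_id = int(m.group(1))
        results.append({
            "url": url,
            "webhook_id": webhook_id,
            "token": m.group(2),
            "encodings": sorted(encodings),
            **decode_snowflake(webhook_id),
        })
    return results


if __name__ == "__main__":
    # Usage: python webhooks.py [dump.bin]; with no argument, scans SAMPLE_BLOB.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for hook in extract_webhooks(data):
        print(hook["webhook_id"], hook["created_utc"], hook["encodings"])
        print("  ", hook["url"])
```

The creation time is the useful part for an analyst: it bounds when the operator stood up the exfiltration channel, independent of when the sample was compiled or submitted. Do not POST to a recovered webhook; deleting it via Discord's abuse process (or a DELETE request by whoever owns the channel) is the disruption step, and a GET against it leaks your analysis IP.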

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.
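The "Unsigned PE" rule keys on the PE header: an Authenticode signature lives in the Attribute Certificate Table, data directory entry 4, whose first field is a raw file offset rather than an RVA. The checker below is an added example, not the sandbox's rule or code; it parses just enough of the PE32/PE32+ headers to report whether that entry is populated, and builds constructed header-only PE images (not loadable, not derived from the sample) to exercise both cases.

```python
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table


def security_directory(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None when
    the PE carries no such entry, which is what an 'unsigned PE' rule sees."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32
        dirs_off, nrva_off = 96, 92
    elif magic == 0x20B:                      # PE32+
        dirs_off, nrva_off = 112, 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry_rel = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # A truncated directory array (NumberOfRvaAndSizes < 5) means no entry.
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry_rel + 8 > size_of_opt:
        return None
    offset, size = struct.unpack_from("<II", data, opt + entry_rel)
    if offset == 0 or size == 0:
        return None
    return offset, size


def has_authenticode_blob(data: bytes) -> bool:
    """True if a certificate table is present. Presence is not validity:
    verify the signature with signtool, Get-AuthenticodeSignature or
    osslsigncode before trusting it."""
    return security_directory(data) is not None


def make_minimal_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed test input: header-only PE with only the fields the
    checker reads populated. Hypothetical data, not the analysed sample."""
    opt_size = 240 if pe32plus else 224
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    dirs_off, nrva_off = (112, 108) if pe32plus else (96, 92)
    struct.pack_into("<I", opt, nrva_off, 16)  # NumberOfRvaAndSizes
    cert = b""
    if signed:
        cert_off = 0x40 + 4 + 20 + opt_size   # appended after the headers
        cert = b"\0" * 8                       # stands in for WIN_CERTIFICATE
        struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_off, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else make_minimal_pe(signed=False)
    print("certificate table:", security_directory(data))
```

A hit from this check only says the binary carries a certificate blob; malware routinely ships with a self-signed or stolen certificate, so a non-empty table should be followed by actual verification, and an absent table is a weak signal on its own since plenty of legitimate software is unsigned.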

Files

  • Copped.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
