Behavioral task
behavioral1
Sample
Copped.exe
Resource
win7-20240419-en
General
-
Target
Copped.exe
-
Size
434KB
-
MD5
61eb747d9aca2e32df170bfe5cd278ed
-
SHA1
e7086ca9616727f0d612c12e5e19200f98b35b26
-
SHA256
2902b2d11793853c4ca9a23168b421afed4aacf0f345cc7ba955b2ae9cd61605
-
SHA512
6ea3dffbfb9071c506affd7b1c6f4cc3d6c911775b4df31adb8f25c75d99f536c67fcdddf4d107d1f6e969d6155fef738015d756ed8b936ca7f354ba554a8952
-
SSDEEP
12288:xoZZL+EP8MzMQQWRJ6TvSgR1ExP42u9ODA53:zI86MQQWRJ6TvSgR1Ext
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1250906915148660757/n5kTt2muM1UsIJ3KdGNFsQoNfCd6iKdJbNs1XwVdH3VTtaQoX95hDgA6iAiDVU0OKiKV
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Copped.exe
Files
-
Copped.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ