a0f4cbd29c0df82eec8c76b215ab0351a7c7dfe6c815b6235774575cfb3cc692 | Triage

Sharing

General

Target

a0f4cbd29c0df82eec8c76b215ab0351a7c7dfe6c815b6235774575cfb3cc692
Size

7.0MB
Sample

240814-ay45kaxflq
MD5

0d5fed8df555b35443d81ee23e7af26c
SHA1

4b3cf3771bf376f5a51498a4f3878f734cd6f275
SHA256

a0f4cbd29c0df82eec8c76b215ab0351a7c7dfe6c815b6235774575cfb3cc692
SHA512

2c12278525052482117b119700f3f25393b57d5205eb8e41483d338819b2c86815f66a508d50b64e1320477214e865029d95fdbf1ed6c71173636904c57b81bd
SSDEEP

196608:Gsu7lf+TUaGIb6JbJCvKkyrIQt4bCIR3QMAQrZNJPB35:GZlf+3FW6KHNvoQSr3JPB35

Score

7^/10

discovery evasion trojan upx

Malware Config

Targets

- Target
  
  FastCopy 5.7.15/FastCopy 5.7.15.exe
- Size
  
  800KB
- MD5
  
  1d7219cf3a87dbedad93498b934f5b35
- SHA1
  
  710a24aa2867cd316ec1e1436520c9cc29c01ab3
- SHA256
  
  627272c0b14b95919b07c3e93912baf379e256f86a041750dff87f5f124d5dde
- SHA512
  
  e6a3955c8fd17bc0a9595d8ffe00f429397ea446402fa286bf32194df806eac03d151c6bc83fe5af5cacc9445f427426e14807592c1738b31efaaf26680536c2
- SSDEEP
  
  24576:miaNv6AdXo9ioFCQIZbf4x/4QJ3gnEwT9bO74A0YqFno:ckk/ILteYtUZo
Score

7^/10

discovery evasion trojan upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7z/7z.dll
- Size
  
  1.1MB
- MD5
  
  fc5e7bc4bce422423ba6ceb23d2e5de0
- SHA1
  
  b76272d4f0b3ce0f56c927f0d82a73c195471314
- SHA256
  
  c324bc0bef9ed1fe286cdec0ff061cc71b4a236663e2e33813301045efe22f4e
- SHA512
  
  7248f54db970985b824e2f1934e5d739e25d7885d5c317f1c423d49ffeb50f007ed7a19a67a277b5a20e0df3b46de6c15524ab94333c2da59fea5701f41d4be2
- SSDEEP
  
  24576:k//aDLAVLLZmB2jv1ZQbsx74v1ccjeIMasrPCjn/+WSiL+c:k/ELAzmB2jv1ZQb5vP+Cj+WSW+c
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7z/7z.exe
- Size
  
  322KB
- MD5
  
  e96ca76c61c71b3f424659d34a70e55e
- SHA1
  
  2f2fc7fd4d9bd3700e24fc74edb0993f224cd782
- SHA256
  
  604bbefa936ec531bad588a0faaf7df22d9b0187afda4fac1c04018948e831fc
- SHA512
  
  563dc747f0d3dd79b8ea5caf8e487273645a38638cf06099db114108233fda002dfd189bafb57255c7b300b2270c1d1783394a6d9ee0eac7113329ae39ed4373
- SSDEEP
  
  6144:7+FT3ZEFMicDwJytw9ppYII4n0nNF8Ar08gz+f6dI7r/DNI:7+wMiFctw9pCIh0nNPr/gwrNI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zSD_2106.sfx
- Size
  
  123KB
- MD5
  
  42f1efa55b45dc08f5b2d23be0e32aa7
- SHA1
  
  c390861e4f7ab3336cc7d5ef9412ed547b792eed
- SHA256
  
  12e35441d088e97d882741599e08cfbec70d9ae03a769d72fe2f076292914c8b
- SHA512
  
  9e9f439a635018b978b603abfc6ee9da5bda90bf57d3427ca3be1e77239f3ec43725bb96e0a76431a358cca5ef557a6b08a74e95e3323faf9e68249c00511197
- SSDEEP
  
  3072:VhXX8E1+gzsVsEYPPiFdB6VB+91zpHnUb:VhZ+3sEKPiFf6VBszpHnU
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zSD_RU_170_3900.chm
- Size
  
  349KB
- MD5
  
  5e2ad96795fbab51f983124269f946c2
- SHA1
  
  7d0e978c510e85d707cb793921139a7ee1108d64
- SHA256
  
  2174f71cbced356163aee5cc263f5ff61703db25b1b0968c8d14753c3623500b
- SHA512
  
  c666be0eff8e45c6290280619725064c7943171b08d6f5547c54f007eaedf039cab685cd2cc3b325b5d7bcb44b85798f805c938e66e2a39a86c27fc7f53a606c
- SSDEEP
  
  6144:v72e9DI3epCSrQOw4rD/WXDeEIlN+fsDC4PBfknKNd6cNVNKAZbcKsMRu0wvfhaS:z2CKesO5rDmDQ+EZkKNd6cEAeYTo8W/N
Score

1^/10
behavioral10 behavioral9
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zSFXȫ_x64.exe
- Size
  
  190KB
- MD5
  
  7d5956337f92e50a6c78e84efcd6703a
- SHA1
  
  ccd3c87883f86a6f97f7913d6e43623662fd5624
- SHA256
  
  8908d28ffef8c91fb45ab21ab83baaa6fd384b8d873a03ae302640b297e46c0d
- SHA512
  
  5bc31200251832f591dc2a1a270b2ba26bbfd229e076ff1e35f1ba6faa7634600c7a0a65ff36f10aafdaf761242e952fd06bd69c51041a163c9d50a99c30aed0
- SSDEEP
  
  3072:fZpbWdAbvnKFzhqlTc1b1MrBNdpudpR970U/bjWWWgCfk0bsKUuOh+vKN9rXGGL:fZll7KFzhq+1aboefOhIKNVfA3bi7zu
Score

1^/10
behavioral11 behavioral12
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zSFXȫ_x86.exe
- Size
  
  144KB
- MD5
  
  7498069f378cab6f36af732283731db1
- SHA1
  
  6e6dcb8e6fe40cc8c9524b24c9a630cd0b53d684
- SHA256
  
  a1d0952d71e8e9197b0e003dc905fec74de41c7c2e7f9a301789b819f24df5c0
- SHA512
  
  814f1f181acc19a3e6a5c5e3967dba08bd25c59acbb3bd23b7bfc06869f3f31f9fda8b933ff3558fc9de4d3d12299822cf1b4bc1eb79da6ddea51004eedbc674
- SSDEEP
  
  3072:m4zux380TahgerG/Iv0mAAAAA+Tc7Al+uLDNAAvx13Mnp6cqru:m4zsv23G/Iv0alTNj+nAZ
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_162_3888.sfx
- Size
  
  133KB
- MD5
  
  fa23401861bba345362aedbbaea25618
- SHA1
  
  c5e18c428737c0beff9e707228bc2556452a3493
- SHA256
  
  11c5f2a7bf35637ec030a77bc90c3ae974ef46006832d2390063ab88a8fe0cfb
- SHA512
  
  f33a864411da1f5a26159cf6cd0d801e7abed212a6b044411bfad5aeef89af44944ee3817168c5d0969232fca72c5c3fcae6bd3a9344b95d56134e757820dfc5
- SSDEEP
  
  3072:sh5T3Wk/iuN60LvA+T/lFAAAAANpkTUVAd6di9jK4B+I8J3OSdiG:gdq060bv/lYVTiNxB+xJeSUG
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_162_3888_x64.sfx
- Size
  
  182KB
- MD5
  
  d0416b410d676c5f8c6a4e848dbe04fa
- SHA1
  
  e438c2e5b8709ee1acb919c0ec787efee1a47829
- SHA256
  
  16d14f946ece05e9035d4adb04039c3d1762e20b338d67414eca4640abda7557
- SHA512
  
  72bf4d96e5098ba27aa183bfdf958d8b76f173fe45a764a8d3610822ae11c48fccba02ab290c8ebd4105c8a03c9e7eda05a48f2f351d3e3a5653f9c808050115
- SSDEEP
  
  3072:2b8xjkFJna/APOqnYqfEpR97Y5fn/oWWWghIJ0ixK0W2rmLiJQ+l1kpZOs0IAKEO:68xjkFJna/gOrq7Ax2rxJQjpZ5AKPz
Score

1^/10
behavioral17 behavioral18
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_170_3873.sfx
- Size
  
  134KB
- MD5
  
  7e36e867800c78b98f721c5be4aa0563
- SHA1
  
  f6b33da5734ff5776cc184d9a2b4e071dd279879
- SHA256
  
  8022a4b1b71f16730eaa1fc248c2a166bbbeae5f101c3ad5461452101e3d4137
- SHA512
  
  3e7c7ef7a0460aecf80007e82260c0715d48fcfb9d823cec6a858d187b918878aa0499276697e68648d77cef02e91250bee8482fb7d15c34e25d3fabab8da7d1
- SSDEEP
  
  3072:RtZc0YG3OSHC8DqqDDJ57a5aRWMJt8ePx4ERxJuPo+Ai6:z6BAOSH7DzDJvo9IxlRxJYnr6
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_170_3873_x64.sfx
- Size
  
  186KB
- MD5
  
  4cee706007a7ba61c183b550f0c5a61f
- SHA1
  
  4f5e6a889917cdb6498b4ab94a4aa0bb1734c8f9
- SHA256
  
  b58940023f67450bf4cc0ccdb4f21b326d71ed08dfc023d59087676bf95afb93
- SHA512
  
  44197fdb3e9094829e7a7c0971f45d9df58785e34cbd5520c9ab90f14e55587b610c10c8e1f165f42d66882b2cc274fea3783df6477630a15000e44f7d978fcb
- SSDEEP
  
  3072:xjTt/Pno2hl0z59pG5CvSJMkwD5Wp3Tiiik4lpJpTvEBPJn78Sry0H2wsw0rapuX:Bt/Poul0Vie2RKZY78Srwxlf35wvK
Score

1^/10
behavioral21 behavioral22
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_170_3888.sfx
- Size
  
  135KB
- MD5
  
  39c03006daecfc003348254ab85f178f
- SHA1
  
  2396f8905a7ece1f1fa2307e15af5f993b6abf96
- SHA256
  
  0596b9f10e46f95f5d17414466e1b04a8ac9800c0c0c3f2713188a626b42830e
- SHA512
  
  d7ce8eced522bf4efe8949ccbbe5e1a13c0ef4b6614a5e88d089eb060109c490bf781604d1d32b0547f9429e7b91659d18ada00f34ab8bf485c434a3cad9a9e3
- SSDEEP
  
  3072:5fDcwDrnbhYNABruIIqk0Zk5AAAAA+wiwgimGx0NcXvSYfnu1Gs0G:5fDcwvlYNAsAuUm5cXKencG1G
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_170_3888_x64.sfx
- Size
  
  187KB
- MD5
  
  10fb805686c7c86103a0db93c62cb167
- SHA1
  
  932759568c207e79a4ba658b0ffed6013f8dfed8
- SHA256
  
  81c46bb3c19d365f5c4206ee8bdbd5bc163817ad2eb8c99d98c28d1e444f15ad
- SHA512
  
  b6751c085292976ff5c6926e5831b29289f02d626c12b9e6b022c200045ca565652b3e50f0d2866ac093e3444225acf3c3b5e2d8fefa7e0486925dd5beea7bba
- SSDEEP
  
  3072:L3Q9lZSf7UoHqsA9lT30pxd7E5/aIWWWgm5JU5xqUUs94PAeOJvBTe3lTet7sWi2:L3QbZS7UoHOTOLFIZex3lw7Zz
Score

1^/10
behavioral25 behavioral26
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_171_3901.sfx
- Size
  
  144KB
- MD5
  
  6b62f6a090c80f27e120fd543016affd
- SHA1
  
  d70e0ff060ee5380112a5a35d75ab79286074963
- SHA256
  
  42e7dec05e33ec287f27da546149324ac98eaa3189ac15bee181fe538333af74
- SHA512
  
  510793f8e9d908753860b71061a6c56a544840ad02348ce7e4cb7e232fc5284990c5cabfb187ec2cd8f7fc92901f7bc1247ca59f0f13ab5911fbab1d7a99904f
- SSDEEP
  
  3072:m4zux380TahgerG/Iv0mAAAAA+Tc7Al+uLDNAAvx13Mnp6cqru:m4zsv23G/Iv0alTNj+nAZ
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/7zSFX/7zsd_All_171_3901_x64.sfx
- Size
  
  190KB
- MD5
  
  1f17303252c2bbcc6c9bcc25c9113b6e
- SHA1
  
  2642234d0de00cb936ba8627e9ae400312c2d2e4
- SHA256
  
  f33d346246b16a8d762e88be3d9b3c3751f002f81819a7507e6258e100c38a4e
- SHA512
  
  4c852981681dc52a1417d8c641125e756896416aa97c3e8582a260831e200f44a24e072b98a6e20b23fbed9e1a1ed4d0ffd4c4158a5bedec79c2f97775a78b38
- SSDEEP
  
  3072:fZpbWdAbvnKFzhqlTc1b1MrBNdpudpR970U/bjWWWgCfk0bsKUuOh+vKN9rXGGL:fZll7KFzhq+1aboefOhIKNVfA3bi7zu
Score

1^/10
behavioral29 behavioral30
- Target
  
  FastCopy 5.7.15_x86_x64_2in1ɫļز/Bin/ResourceHacker/ResourceHacker.exe
- Size
  
  5.4MB
- MD5
  
  8c7ea036024cf7c7a42734ddc6bff73e
- SHA1
  
  d7851635d74274b30e9a778fcf23aec912d62b5f
- SHA256
  
  c2c25badd130f393a28e73e07407aa985d28ce0e9fe55e4362a5e044494423bc
- SHA512
  
  8695addb703837d658e304e022953f951501fac4024d3b0816f70976a24c0f95c4fa17b8d18b54fc1050f3813e019f43aee60aff71fd6a9a9a17554ce65eeb34
- SSDEEP
  
  49152:jDDFVHcYex2EIjwg5mSw9EOl3jQ2X5W0OJ6HH0Hk1QZejTBxTUQGXtblVMnsNxAk:jP/LEiLMQ2Q0OJ6JQ610dREZKh
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojanupx

behavioral2

discoveryevasiontrojanupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32