41f5128a190d17a2e3401b742433c72aae5730788e99b0fb193daa4afa462d5d | Triage

Submit
Reports

Overview

overview

Static

static

6

free-iobit...er.exe

windows7_x64

8

free-iobit...er.exe

windows10_x64

8

free-iobit...er.dll

windows7_x64

8

free-iobit...er.dll

windows10_x64

8

free-iobit...ys.exe

windows7_x64

free-iobit...ys.exe

windows10_x64

free-iobit...on.dll

windows7_x64

free-iobit...on.dll

windows10_x64

free-iobit...32.dll

windows7_x64

1

free-iobit...32.dll

windows10_x64

1

Sharing

General

Target

5290225986469888.zip
Size

12.5MB
Sample

210120-9t5bz59tc2
MD5

3e1a213dc694b4caaf5617b217421a84
SHA1

74b5dfe67ffd73ef229192b054090cbbb447b1fb
SHA256

41f5128a190d17a2e3401b742433c72aae5730788e99b0fb193daa4afa462d5d
SHA512

60be3b25a0f597e0a39342009398b5c060803f66178933248a7fbcb12ae01d0a7223e30476e0fbd94ff78bd409b5967752880a1ac3e9a251775be07fee7ad9d4

Score

10^/10

persistence spyware upx

Static task

static1

Behavioral task

behavioral1

Sample

free-iobit-license-promo/IObit License Manager.exe

Resource

win7v20201028

persistence spyware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

free-iobit-license-promo/IObit License Manager.exe

Resource

win10v20201028

persistence spyware upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

free-iobit-license-promo/IObitUnlocker.dll

Resource

win7v20201028

persistence spyware upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

free-iobit-license-promo/IObitUnlocker.dll

Resource

win10v20201028

persistence spyware upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

free-iobit-license-promo/IObitUnlocker.sys.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

free-iobit-license-promo/IObitUnlocker.sys.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

free-iobit-license-promo/IObitUnlockerExtension.dll

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

free-iobit-license-promo/IObitUnlockerExtension.dll

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

free-iobit-license-promo/sqlite_32.dll

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

free-iobit-license-promo/sqlite_32.dll

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  free-iobit-license-promo/IObit License Manager.exe
- Size
  
  2.3MB
- MD5
  
  c5590280301ee2296466e73e64df1745
- SHA1
  
  bb1ae42e774656c0cf5fb43d6c9383da45d15cdb
- SHA256
  
  9fc3749177398603cedf33ee06b4d135569a4c20112281b71df689f160264dc1
- SHA512
  
  b844766f86de382a96c6896bc21af22b1b3d41ea22d894591811093add2b2c4ca96da4207c5441d8fd36760808c59e580e084b1c6b46ae923790e590be84b6df
Score

8^/10

persistence spyware upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
behavioral1 behavioral2
- Target
  
  free-iobit-license-promo/IObitUnlocker.dll
- Size
  
  12.5MB
- MD5
  
  0845197d8244d6a5b670c79f28680245
- SHA1
  
  0ad96945a0f8d3ca2a14dbb7627caf6ae00010a8
- SHA256
  
  b53f222ffcc99939a1141a06e2240525c7154fcf2f39f8c5ca19a079e08a41fd
- SHA512
  
  375a11b918e9b81cea4cf69836a26c4a61b1edd9f31b114d23dcc7603dcaed3d82ef82fe2ee488e6d1d7aedf18437f82d4b233961cd2d07cf330166fe031049e
Score

8^/10

persistence spyware upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- JavaScript code in executable
behavioral3 behavioral4
- Target
  
  free-iobit-license-promo/IObitUnlocker.sys
- Size
  
  65KB
- MD5
  
  47aa03a10ac3a407f8f30f1088edcbc9
- SHA1
  
  b5d78a1d3ae93bd343c6d65e64c0945d1d558758
- SHA256
  
  c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66
- SHA512
  
  3402ca68b00ffd9e2551f97b3895990ee0274f14f117505c3588ea76c716488860ac2da07c1d9275bbc43eb87b88893c52fb04d15f1afe7b7bf7d9a524961101
Score

1^/10
behavioral5 behavioral6
- Target
  
  free-iobit-license-promo/IObitUnlockerExtension.dll
- Size
  
  111KB
- MD5
  
  7b0d73bd68c2ddeb1789e0cac0e8f194
- SHA1
  
  a76ca63ebf70d546f489f38fc90c3b8b25567364
- SHA256
  
  aa69b781c6c5c67a2c737df96c14a34d1fce2c5a87f523ea9d365ee1db2968f7
- SHA512
  
  ab2ad2ac541db34c68544f56762954931d970f013afdabef4539ba999319f49249863ea03ee8a1d1c44c66e93cd7ceac9fb8ddb9b46ee0d6f51c13b6ef920bb7
Score

10^/10

persistence
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
behavioral7 behavioral8
- Target
  
  free-iobit-license-promo/sqlite_32.dll
- Size
  
  77KB
- MD5
  
  69cdc240b3f2ad30b989e2c6cf705383
- SHA1
  
  07f3508c44d503d39fb4b7924ededaab2a9768be
- SHA256
  
  e42526f348de6a97f9746686e8409e396b42ce0c552dfdbe34855455c837b805
- SHA512
  
  25ea3582470e9fc42e7d4a8a652b8ba37b726cc03a1ab40dcac60b7c695bf9714f501be50b01775a6344d09856ca8d2b3a030f5a27efb34a7d9dc98a68eadbca
Score

1^/10
behavioral9 behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywareupx

behavioral2

persistencespywareupx

behavioral3

persistencespywareupx

behavioral4

persistencespywareupx

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

© 2018-2024

Terms | Privacy