General

  • Target

    unlocker-1-9-2.zip

  • Size

    1014KB

  • Sample

    220903-tk815shdhl

  • MD5

    e560af917b573be4b3e16877c7e2667d

  • SHA1

    9cd65f3b5e024b09cc4d0c33458c4dd6f1c6c65d

  • SHA256

    57bdfb9bde70c7384c25564f8c878afd8cdacfc199bd0c5711d41bc2f884c5b3

  • SHA512

    e1492a67fd785b87d787078af7c437d06d5d3402895e38ad13617576e1b201ef6045b9491b7471b7d10a8e2e2e6a43588f0fc8cdfaed773ffc25280b01b10c28

  • SSDEEP

    24576:QjmJe+QYoTPb7D1x0IMo+OjHyQrGlCrG+ou5afmTsA:Qjms+Q7f70IM9o/rGhhFsj

Malware Config

Extracted

Path

C:\Program Files\Unlocker\README.TXT

Ransom Note (label assigned by the sandbox's config extractor; the text it pulled from the path above is the Unlocker README.TXT shipped with the installer, not a ransom demand, so treat this entry as a false positive of the extractor rather than evidence of ransomware)
Unlocker for Windows 2000, XP, 2003, Vista and 7 both 32 and 64 bits.
Copyright (C) 2005-2011 Cedrick Collomb / Empty Loop
unlocker.emptyloop.com

Using Unlocker
--------------
How often have you tried to delete or rename a file or folder and got "Cannot delete xxx: It is being used by another person or program."? Unlocker is a tool which will help you overcome this scandalous Windows bug. Simply right click the file or folder and select Unlocker. If the file or folder is locked then a window will appear with a list of processes locking the file or folder. Select the locks and click Unlock and you are done. It is recommended to Unlock wisely and to close open processes locking files or folders if any, but if only Explorer.exe is the culprit, do not hesitate! :D

Terms of Use
------------
This software is provided "as is", without any guarantee made as to its suitability or fitness for any particular use. It may contain bugs, so use of this tool is at your own risk. We take no responsibility for any damage that may unintentionally be caused through its use. You may not distribute Unlocker in any form without express written permission of Empty Loop.

Licensing
---------
If you are interested in redistributing Unlocker, either in original or modified form, or wish to use Unlocker source code in a product, please send e-mail to [email protected] with details.

Reporting Problems
------------------
If you encounter problems, please visit http://unlocker.emptyloop.com and download the latest version to see if the issue has been resolved. If not, please send a bug report to: [email protected]
URLs

http://unlocker.emptyloop.com

Targets

    • Target

      Unlocker1.9.2.exe

    • Size

      1.0MB

    • MD5

      1e02d6aa4a199448719113ae3926afb2

    • SHA1

      f1eff6451ced129c0e5c0a510955f234a01158a0

    • SHA256

      fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397

    • SHA512

      7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98

    • SSDEEP

      24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets service image path in registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data such as saved credentials, cookies and session tokens; a legitimate installer touching these paths is still worth a second look.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
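The signature names above are produced by matching the sample's monitored API calls against known registry keys and file paths. The following script is an added example, not the sandbox's own rule set: it replays that matching over a constructed `pid|api|path|value` trace (a format invented for this example, not any monitor's real output). The registry locations used (the `Uninstall` key, `EnableLUA` under `Policies\System`, `ImagePath` under `Services\<name>`, `CLSID\{...}\InprocServer32`) are standard Windows locations; pairing each with a signature name is this example's assumption about how such rules are built. The service name `ExampleSvc` and the all-zero CLSID in the trace are placeholders, not values taken from the sample.

```python
# Added example (not the sandbox's rule set): replays the registry and file
# behaviour signatures listed in the report over a constructed API trace.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    api: str            # API name as a monitor would log it, e.g. RegQueryValueExW
    path: str           # registry key (HKLM\...) or file path (C:\...)
    value: str = ""     # value name for registry calls, empty otherwise


# (signature name, API-name prefixes the rule applies to, key/path regex, value-name regex or None)
# The registry locations are the standard Windows ones; pairing each location
# with a signature name is this example's assumption, not the sandbox's definition.
RULES = [
    ("Checks installed software on the system",
     ("RegOpenKey", "RegEnumKey", "RegQueryValue"),
     re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
     None),
    ("Checks whether UAC is enabled",
     ("RegQueryValue",),
     re.compile(r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I),
     re.compile(r"^EnableLUA$", re.I)),
    ("Sets service image path in registry",
     ("RegSetValue",),
     re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+$", re.I),
     re.compile(r"^ImagePath$", re.I)),
    ("Registers COM server for autorun",
     ("RegSetValue",),
     re.compile(r"\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)", re.I),
     None),
    ("Reads user/profile data of web browsers",
     ("NtCreateFile", "NtOpenFile", "CreateFile"),
     re.compile(r"\\AppData\\(Local|Roaming)\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\", re.I),
     None),
]


def parse_trace(text):
    """Parse 'pid|api|path|value' lines (a constructed format, not a real monitor's output)."""
    events = []
    for line in text.strip().splitlines():
        pid, api, path, value = line.split("|", 3)
        events.append(Event(int(pid), api, path, value))
    return events


def match_signatures(events):
    """Return {signature name: [matching events]} for every rule at least one event triggers."""
    hits = {}
    for ev in events:
        for name, api_prefixes, path_re, value_re in RULES:
            if not ev.api.startswith(api_prefixes):
                continue
            if not path_re.search(ev.path):
                continue
            if value_re is not None and not value_re.search(ev.value):
                continue
            hits.setdefault(name, []).append(ev)
    return hits


def triage(text):
    """Signature names fired by a trace, sorted, in the form the report lists them."""
    return sorted(match_signatures(parse_trace(text)))


# Constructed trace: one process showing the behaviours above plus two benign accesses.
# ExampleSvc and the all-zero CLSID are placeholders, not values from the sample.
SAMPLE_TRACE = r"""
2816|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
2816|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
2816|RegQueryValueExW|HKCU\Control Panel\Desktop|Wallpaper
2816|RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA
2816|RegSetValueExW|HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc|ImagePath
2816|RegSetValueExW|HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32|
2816|NtCreateFile|C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data|
2816|NtCreateFile|C:\Users\user\AppData\Local\Temp\log.txt|
"""

if __name__ == "__main__":
    for name, evs in sorted(match_signatures(parse_trace(SAMPLE_TRACE)).items()):
        print(f"{name}: {len(evs)} event(s)")
```

Run as-is it prints the five signature names from this report with their event counts; the Wallpaper read and the Temp write fire nothing, which is the point of keying rules on specific value names and path prefixes rather than on any registry access. A rule like "Checks installed software" fires for a legitimate installer as readily as for an infostealer, so the hits are a starting point for review, not a verdict.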

MITRE ATT&CK Enterprise v6

Tasks