General

  • Target

    Unlocker1.9.2.exe

  • Size

    1.0MB

  • Sample

    240215-nnyfxsfc5z

  • MD5

    1e02d6aa4a199448719113ae3926afb2

  • SHA1

    f1eff6451ced129c0e5c0a510955f234a01158a0

  • SHA256

    fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397

  • SHA512

    7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98

  • SSDEEP

    24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT

Malware Config

Targets

    • Target

      Unlocker1.9.2.exe

    • Size

      1.0MB

    • MD5

      1e02d6aa4a199448719113ae3926afb2

    • SHA1

      f1eff6451ced129c0e5c0a510955f234a01158a0

    • SHA256

      fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397

    • SHA512

      7d0f1416beb8c141ee992fe594111042309690c00741dff8f9f31b4652ed6a96b57532780e3169391440076d7ace63966fab526a076adcdc7f7ab389b4d0ff98

    • SSDEEP

      24576:eLMeYSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXE7ZBlbT:+PbVvwqQpoLHontDrlbT

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $TEMP/DeltaTB.exe

    • Size

      767KB

    • MD5

      eb2764885565b6c01cb32e5f51f213b3

    • SHA1

      cc41cadbbd6ba6ed0bfdd17798b4c9f94d7955e0

    • SHA256

      d7146999ff94b3ae092f3213ddf0217615f1d38798393b66778d11aae2b68eaf

    • SHA512

      ac88795b2e8260ace9eb57d2a3fdc4aadb18e2cb0afd780459f51d25f83b34f7033425dc712655e423eba4e011fd2776f53463042f2c2d9dd427554c04cc840e

    • SSDEEP

      12288:XSsZfDKTpv0aNjLDiIx56qQDtOZTIzOjAWe0YiZ2PADaRx6Zfuc//yTuXbdir7+:XSiGTpTLDxxwqQcqOj5eyHox6ZGmAuXr

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks whether UAC is enabled

    • Target

      Unlocker.exe

    • Size

      122KB

    • MD5

      0a77f732624155a215f5ca54df9b2930

    • SHA1

      172bdf71343dd6544cfbe04abbc3dec4535f7d84

    • SHA256

      a0b651038c4301f70e4aea506eb90edc584a5c4ca46880c7dc2ae5eafa6dc506

    • SHA512

      6482c9fc3b5ff9d5798deb9965b4dfab9ba62b889e921011696f29dd96b813194a59f76a52a88fa4962317c6a43a21122c857e4ca80c6c4360c2cee544117352

    • SSDEEP

      1536:QjL8UYqusRZHN+R6iJBf232Qxl1D5ljFerDUF7TGMvB+xpgGfGlbPMcpEkAEAG+L://sRZt+R6+232QLADzMvYonfgQ/Y39

    Score
    8/10
    • Target

      UnlockerDriver5.sys

    • Size

      12KB

    • MD5

      9dc07e73a4abb9acf692113b36a5009f

    • SHA1

      0c45b0fa0718e5aba0f21f14178597a1ed3fc208

    • SHA256

      ca7176fc219515d58dcfa66ec61880ece5617275c9b83701bb74d8b60e733d34

    • SHA512

      7bb2f07df990689933b344d2e3061a5e1324aba011e703130379ed24b253bdd464c9d26b8efe2d86523f241236ff1b7edb02919801850bb749849215b1fabf57

    • SSDEEP

      192:dqD9l0Hvj1+z7PcFVyowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl50Xe:60HvozjeVYJLygbPbCQW1M6jYXe

    Score
    1/10
    • Target

      UnlockerInject32.exe

    • Size

      11KB

    • MD5

      5b964dbcc99edee45a6f235417713a93

    • SHA1

      e65bb79a470a509a50b4c275c10bc10892ab11ca

    • SHA256

      3b1afea2711e5d731a60b41e87f4711fe1db3345fa316be20347376068479dd5

    • SHA512

      60dd41e0434fcc7d6d57a02d69cd47c2b74c9c18316f59aee88da087c22c3e8408aa94ab9738edc1b229db8f83e620354394ae3847e216c2bce33dc0d3e62743

    • SSDEEP

      192:kpjAiTRs0TjebH947yowJL/W6Mgb5+ebCfYEQpkqs1I5Zgjl5w:kWIsUgHqYJLygbPbCQW1M6jk

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks