728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67

Sharing

Copy URL

Twitter E-mail

General

Target

mobiunlock_installerB_20230717.716906.zip
Size

1.3MB
Sample

240319-ybgyhseb4y
MD5

57a2a5b72e1ccca7c0be305149b3b4e6
SHA1

669f08b1957fc975317807278e9d893437cfd8ad
SHA256

728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67
SHA512

345e631906ba423769d71994d069274bdbd4cf75ae458ac36a48773c9f22f6413d3687cd80ec54921bbcbd79119af72970fc4e5dcdc22f1b88643f8e399d7442
SSDEEP

24576:tJxrVODpmQLfhhsLQiDiR5j6FiXOXmCa/VO6vloaUJ15ZVujB8XQakGmwDO0U5Sl:TjhCr4iXer6vlZY1Mj2dkGm50UH15tSZ

Score

7^/10

Malware Config

Targets

- Target
  
  mobiunlock_installerB_20230717.716906.zip
- Size
  
  1.3MB
- MD5
  
  57a2a5b72e1ccca7c0be305149b3b4e6
- SHA1
  
  669f08b1957fc975317807278e9d893437cfd8ad
- SHA256
  
  728e1ac24c9bc5cfea93817c7fbc3f47571b6abfb202ac305b5b1e73efe6da67
- SHA512
  
  345e631906ba423769d71994d069274bdbd4cf75ae458ac36a48773c9f22f6413d3687cd80ec54921bbcbd79119af72970fc4e5dcdc22f1b88643f8e399d7442
- SSDEEP
  
  24576:tJxrVODpmQLfhhsLQiDiR5j6FiXOXmCa/VO6vloaUJ15ZVujB8XQakGmwDO0U5Sl:TjhCr4iXer6vlZY1Mj2dkGm50UH15tSZ
Score

1^/10
behavioral1 behavioral2
- Target
  
  mobiunlock_installerB_20230717.716906.exe
- Size
  
  1.4MB
- MD5
  
  cbe4c227d93196e7cee53fe8999bbae1
- SHA1
  
  ea53bd426699a12fc9d287dda5280bb28dba7eb6
- SHA256
  
  e44ce7eb9297fd92fe866cd653b5c22ec66417703818391874ee666114edf5f6
- SHA512
  
  badcd04b166cae6188e839f49df5fb593b2e2abc8feace2832c15e5e06d1cd9bae11c1500bc4b355fce5781f1d8db895cec741ed4eb3859067aeeb9238e84ff4
- SSDEEP
  
  24576:izOW0J6jyCC7VzvBi9Dj91qh2oSjJQDLj59FAxd0hBcoxCN6sws+Afq5BtfZgpv:UuCC7VtUj/7/ODP5ydScoMM0+Afq4l
Score

7^/10

discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/ChineseTrad.ini
- Size
  
  2KB
- MD5
  
  b2724eb4f88e8f7c0e9483ed1866c38e
- SHA1
  
  333acfcba14732546f1bc36cec92ff1544ad5056
- SHA256
  
  43a56eeb90c9df049751b5bd9bc27f3b720ebbf4827e3889b3d0b297243d301c
- SHA512
  
  a61e32a8ae48e14a0124319774b026c976004213ecfad0aea9bc49016c0d76be54e000fe040ba3873e4d5ac77b1ccbb87e3265cfb20102d3f89d13ded209dd7c
Score

1^/10
behavioral5 behavioral6
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Dutch.ini
- Size
  
  2KB
- MD5
  
  3bca4234405a6cd076cb7ff4863a38e7
- SHA1
  
  8ac74383f88443756bbfb95f84d736f7a718da36
- SHA256
  
  0be0e19800a7457f9c49a0e1cae5b3fc5adf1a09aca87e6e086bfc65cd30909a
- SHA512
  
  e7d51c8b4df82879e658f240089fe5fd50089bbc5f02b0d0ec6794288911c71bc10a0b5fc65dfb69999475ce77306526b6489847c91174bc19f45ee8dce5f99b
Score

1^/10
behavioral7 behavioral8
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/EDownloader.exe
- Size
  
  1.3MB
- MD5
  
  20c3a46be949eb79340dd1d9422fe748
- SHA1
  
  214490b862de79c8a93c7c174b6be11d6930fea9
- SHA256
  
  18ab66502d20d6d49489b892df6f9039854d20552a12cf4850498cbdec81520e
- SHA512
  
  2c6aacf75c8fec6ad321fced5f2f45f0cbbf8bbd573cf872ddb7001df66835000bcb74aeca9ea03396789742052284bb9929b5d996e05363e0961a338889a84f
- SSDEEP
  
  24576:R6qQCyR2xl7w8nYh40xQPZUTBEvh+VYou+kzr4S:6S7wRBEv0VYoulzrx
Score

1^/10
behavioral10 behavioral9
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/French.ini
- Size
  
  3KB
- MD5
  
  768e289e8805d162d91910c5200935f6
- SHA1
  
  c8dbaad765add26fcdc5b1e896714dd0c79e9962
- SHA256
  
  e07ea0d01cb8fa9b5e807fae1f8d9a88310169833814fb798959d12017ed1cc4
- SHA512
  
  89544ccbebd620b9f56c5074ccdf9473d3f9370ee2263a180007614e1880ab86c2ffef7866901675c8205b160eff39187b62c4600f9515efb39ffc3c13151aa1
Score

1^/10
behavioral11 behavioral12
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/German.ini
- Size
  
  3KB
- MD5
  
  e8fa085d734c5aeddd0f90c3dd59986c
- SHA1
  
  746f9e77fb75eb6903f163db21e83b96a368fb93
- SHA256
  
  4afccd02648fe1e3a34ecf2f173e9c6e4437c9acc6a21073f6e6670bbf9162ee
- SHA512
  
  ce9fd130d7efdb04f718b5d48aa1f4ab25c975f2d80baa8c25bf09ab97d0235d05fc6a7fc5d5256759bd1c03282e6b778ad7275b6f5c7451da31b54c2ff561bd
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/InitConfigure.ini
- Size
  
  2KB
- MD5
  
  a4584bedf260f905f143835c0ee80de2
- SHA1
  
  c7a4f81b5a340004312cc1b47957a1ec64a6c12c
- SHA256
  
  ecb3e26d5aeed340ac30d77e2279ba96faf0a4b6ca0279aef40cafde319f4e8f
- SHA512
  
  f627f361a5c61ef7405338757c60a87c1964ea550ca785d0f6cd4c10c1b96f6621314ae17adcdfa5064b846d76c00b347152c6666a98548413cbb71078a0a907
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Italian.ini
- Size
  
  3KB
- MD5
  
  59d3371102bbd2d4118b2d58aeb9ab9e
- SHA1
  
  b5511e0bd708ed17a7bbd35339eb263bcff0a210
- SHA256
  
  b77947ce0b166b5b624084b26ba4f451522786423df0866059e2bf8f7c077647
- SHA512
  
  58486487eaefbebc2d913bd55b8111d9e2db84e57632ed047b45dcf58d8479eb8b0ba3afe0b293566f0163dd008e161813829312354db1d62ed87ea2c6770c43
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Japanese.ini
- Size
  
  3KB
- MD5
  
  5f10412eecb990795787f9642dc2984a
- SHA1
  
  bcbb68d61fe60bae387122bee1ca12710248a00b
- SHA256
  
  721d3cb51808483ad1d05437608f6dfbbd8a5b0de62c93cb47aae0cc9096aa4c
- SHA512
  
  79e6f0024f9299dcdf09e897c4fae3331d4f8ae347ee3822685a68be4d91fcf2fc55d0399ee54c6fd4a50fa0b63c64f85f0dca11a22391b4a6ecf7c465cf9140
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Korean.ini
- Size
  
  3KB
- MD5
  
  053075822ba08146240e24260a3bc8bc
- SHA1
  
  87e3bd3bacb2488eefcc056c978401bcc20edc48
- SHA256
  
  fb68bf9bf6473627255dead227a3bd3e79901c85f741482d615c1a09dc191ccc
- SHA512
  
  2c5c9d5b2d913d334890b261f05f0a1a46e0d862c8dbfc03c6b4326795b2a21504000e6f13576a0c33be3553ee801e2d9fde4946900d99eefb852b9f13b2f61f
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/LanguageTransfor.ini
- Size
  
  224B
- MD5
  
  24caee55a9c3a6c3844481729a165849
- SHA1
  
  a7699f0c8ad6786bb200422a01628ac716ac6648
- SHA256
  
  62c944a6bd61d696a2029cb06180ec2c3051fc85d1ed85918c8ebad573304683
- SHA512
  
  31f1b1850f9dedd121f38b28a662b9bb3673198f6fb6819c11e532ca301d30a8ce5a146a8fbf683a54ef4783ce2fd09382061f036ff1a2ee78862d31bc2c383d
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Portuguese.ini
- Size
  
  2KB
- MD5
  
  c3ea736bd199658dc57a27cc7330a613
- SHA1
  
  ff3851228b143cc91053ac718cb92efc1cf5e531
- SHA256
  
  a70a6ea122c8995ccb985d8f736375433a51fa9f69d86598359b8bdd38e776b9
- SHA512
  
  36a171d7c5bda8068a835e7eeee47c83e1c8427386d793b2095a3fcd138cfca9816661c3c010c62bb37cdf4cec270fb2f8c3ed1f6c3f55859e8bb13f0186844e
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/Spanish.ini
- Size
  
  3KB
- MD5
  
  1e98abd0f79acf2cddc6771e7a56e757
- SHA1
  
  15d9bee775e655b39bd065493c2ea91bf56cb55d
- SHA256
  
  a18ce6622175b260a285d377645648957922fdecec9c1afae1026492ce5c8ceb
- SHA512
  
  3d3d3c1c75e170427b9b2b0e808e342e63a786511d62208c12799b25ea48f5fb9fc44257173816f2aafccd519c316fde9fba274ff97d946f13fc0a91437e470b
Score

1^/10
behavioral27 behavioral28
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/aliyun/AliyunConfig.ini
- Size
  
  1KB
- MD5
  
  31adfb21c55dd5880a0164c89cc8985f
- SHA1
  
  981e837e668a9dadce3aa633b6f63d7d5b07add1
- SHA256
  
  37869b1fe7d398861283dd6698682af3f4acbb12d5e3f0a86d429dfc1783b2c7
- SHA512
  
  12379d929a7a9ed2e3a7d486d2e1d2e3796658e0dedfffb626cb13180a780fa24020adbf9228f5fa86510d6d8aa90bad3330c732a5ca84b9cf6764b9f8215fc8
Score

1^/10
behavioral29 behavioral30
- Target
  
  $TEMP/downloader_easeus/1.0.0/9trialB/aliyun/AliyunConfig2.ini
- Size
  
  1KB
- MD5
  
  584ae538364f9b25a4d13b272326a0cb
- SHA1
  
  389df25c35e82df042cb3d774372b07be4a71102
- SHA256
  
  ef9059e0019392ee31c6b98e36792c9699ba03c4b6539948c0c790e770ac4f6f
- SHA512
  
  3a94821ff9db9f0ace8317a49892d8fc35621265bc02db9303f710de9de8daff5b1af25bcbb3e03a3225e0d869c8dba7f9802d9da78928615d6c1128ce006d42
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Blocklisted process makes network request

Downloads MZ/PE file

Enumerates connected drives

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32