General

  • Target

    anyunlock-iphone-password-unlocker-en-official-setup.exe

  • Size

    14.1MB

  • Sample

    240501-qcntfshf23

  • MD5

    42f74b42135f9dea8b74d4df8600d62c

  • SHA1

    b176f0c2a18e77de33484dac7283dfb149cfc703

  • SHA256

    7d5b1d29a694e8fc136a5a13fd17b8c30d08c8d4f4d5d8006a5361d53acdf9de

  • SHA512

    de9b1d042788da091f86d9af8ae1556b68acbc62a9eb06ec454e407b89b216bcd10ab7cbc945224b111163700d27b2153e9fada181f2e90cd195619829014210

  • SSDEEP

    196608:H06I6iZ1VR5nzGRXmEY9RRdwMw6C7S2F2euxVQQPZrMYDdauyGCqKilFn+FlZudA:HcnqZmEYXRxrCzb8M2zyLclFnGzTZUIN

Score
7/10

Targets

    • Target

      anyunlock-iphone-password-unlocker-en-official-setup.exe

    • Size

      14.1MB

    • MD5

      42f74b42135f9dea8b74d4df8600d62c

    • SHA1

      b176f0c2a18e77de33484dac7283dfb149cfc703

    • SHA256

      7d5b1d29a694e8fc136a5a13fd17b8c30d08c8d4f4d5d8006a5361d53acdf9de

    • SHA512

      de9b1d042788da091f86d9af8ae1556b68acbc62a9eb06ec454e407b89b216bcd10ab7cbc945224b111163700d27b2153e9fada181f2e90cd195619829014210

    • SSDEEP

      196608:H06I6iZ1VR5nzGRXmEY9RRdwMw6C7S2F2euxVQQPZrMYDdauyGCqKilFn+FlZudA:HcnqZmEYXRxrCzb8M2zyLclFnGzTZUIN

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      7KB

    • MD5

      62e85098ce43cb3d5c422e49390b7071

    • SHA1

      df6722f155ce2a1379eff53a9ad1611ddecbb3bf

    • SHA256

      ee7e26894cbf89c93ae4df15bdb12cd9a21f5deacedfa99a01eefe8fa52daec2

    • SHA512

      dfe7438c2b46f822e2a810bc355e5226043547608d19d1c70314e4325c06ad9ad63a797905e30d19f5d9a86ee1a6d9c28f525a298731e79dbf6f3d6441179a8e

    • SSDEEP

      96:iqCVh8iNqVgRudZczLiJp2tvgaJOnT/323x3XQUPVAm6yBBECtu7ZyvN:9IhJqUudZkLi+bOni3x3X3PVR6yBBfj

    Score
    3/10
    • Target

      $PLUGINSDIR/SkinnedControls.dll

    • Size

      77KB

    • MD5

      364bb3c9218429dd1315ad1db47e152d

    • SHA1

      3253c1a381161c268bce8c487e892c8e5dd29dc3

    • SHA256

      5f7998711ea856730139c4dac403f11b947ed94a464dc6d2d4b22f928c3a8536

    • SHA512

      d9084068a259acb9a1691d10da8610053d3abdf6dc78d7357d80d1ac794d940478d2b05c3050484680ddee4c832ae30d71a67b2c2978845e298aca48058e01f6

    • SSDEEP

      768:Q0p2dJFs6nYFg0vxrF9jd+IpMCGC8BnmmfJmLVp1aB5tEEThyX7QirbTGgyhTFDK:Q0YsX7vxGjBvJgVTadaXBTeh55axv

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10
    • Target

      $PLUGINSDIR/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec62e1a8d16d8f1b0eb792aa26e5de5c

    • SHA1

      faa219618aec99cffb81c312728dc56c1fdc5798

    • SHA256

      193d396fc7be5fed9d585de3c43e23d640c1dce725499f0274b3898c248545aa

    • SHA512

      cb3f3458cf734ab7b964ed25cac87ff2938292eed9caae1305b2e5975bde885f4d8b06d05d4099ef614982cd55d97e9ddc0f13bbe2cdd9fb642d008788ed3017

    • SSDEEP

      96:O7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNp38:/N8KgWAuLWxD8ZAGgmkN

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $PLUGINSDIR/setup.exe

    • Size

      3.3MB

    • MD5

      023dfce70301896fb6b2e15eca718549

    • SHA1

      64bf799250c2d437b8dd2f0c7c7e6509394565d9

    • SHA256

      9140755badab25fcca359fe83f74a4a435ec6136302ddafb489a90f563ad4157

    • SHA512

      e47fbb80e62a02018ffd0484e21d9f80bd6469ef0df745d7f5aff7bc5ca91a487bbbcdc2d0a9b0c67352a33c97bced3f0184ba42960f1cf7c6313004fbf4eede

    • SSDEEP

      98304:lR41UPttYZbwA2PNb8XxD3GH5X3ng8SCC6akRuLy:M1eY3xbGZXXg8SCv+Ly

    Score
    1/10
    • Target

      $PLUGINSDIR/uninstall.exe

    • Size

      11.2MB

    • MD5

      48d796c60981cce5be144c8ff52466f1

    • SHA1

      83a4e3ecb47c14ba8eac80d4fa69ba53c07d4153

    • SHA256

      ea88d6f7e328e86762b4d586390bdc6eccca1501a3a03150968884e8cc3ad5dc

    • SHA512

      9476e27126fc3f7b0001c21d7b30035ee37a7d0576ea647f77bd5f9cff61d7c809cf67a8808bccab2b5ed3cdc8cfdabc906ee1c18b22c0b5dc79dd506243cc17

    • SSDEEP

      196608:HhKgznK4UZ9oHpWSQQ+87W4DFPwV422RBhox+Ht+FPYLrvaDbP8+uDgCAoy:HhK4K4UZyHdN+8b/hGG+ByvaDzfxoy

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10
    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      7KB

    • MD5

      62e85098ce43cb3d5c422e49390b7071

    • SHA1

      df6722f155ce2a1379eff53a9ad1611ddecbb3bf

    • SHA256

      ee7e26894cbf89c93ae4df15bdb12cd9a21f5deacedfa99a01eefe8fa52daec2

    • SHA512

      dfe7438c2b46f822e2a810bc355e5226043547608d19d1c70314e4325c06ad9ad63a797905e30d19f5d9a86ee1a6d9c28f525a298731e79dbf6f3d6441179a8e

    • SSDEEP

      96:iqCVh8iNqVgRudZczLiJp2tvgaJOnT/323x3XQUPVAm6yBBECtu7ZyvN:9IhJqUudZkLi+bOni3x3X3PVR6yBBfj

    Score
    3/10
    • Target

      $PLUGINSDIR/GoogleTracingLib.dll

    • Size

      36KB

    • MD5

      d8fca35ff95fe00a7174177181f8bd13

    • SHA1

      fbafea4d2790dd2c0d022dfb08ded91de7f5265e

    • SHA256

      ad873f1e51e6d033e5507235ec735957256ebeeb0d3f22aa0b57bb4bd0846e4c

    • SHA512

      eb530b10f137cb0cdfdcd2c11fd9f50f774e0ce44e9d2da3e755f6a6df24fe6e7525c27b109e3e68e9d3e49a889937a22f4d9d78703b1055a83b8a58808a58ba

    • SSDEEP

      768:IWXV2fVEC5h9KclMCumc6plPHY4jq7rOZkdhKZV:8Smh9/BumTlg4kOZ+Kz

    Score
    3/10
    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      5KB

    • MD5

      e5786e8703d651bc8bd4bfecf46d3844

    • SHA1

      fee5aa4b325deecbf69ccb6eadd89bd5ae59723f

    • SHA256

      d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774

    • SHA512

      d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3

    • SSDEEP

      96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/SkinBtn.dll

    • Size

      4KB

    • MD5

      29818862640ac659ce520c9c64e63e9e

    • SHA1

      485e1e6cc552fa4f05fb767043b1e7c9eb80be64

    • SHA256

      e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

    • SHA512

      ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

    • SSDEEP

      96:lNM22eGbMlQMYbDnmaxn/nPm1Xe+KuAaK:D32eGbMlQMuHvqXe

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      904d8313031ac05e2bac3dd329828833

    • SHA1

      6c8322f76e5c38bc24b0bcc057a510c92ec40b43

    • SHA256

      a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4

    • SHA512

      9d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8

    • SSDEEP

      192:oR8cxzvTyl4tgi8pPjQM0PuAg0YNyAUIFtSP:IBxzm+t18pZ0WAg0RzIFg

    Score
    3/10

Tasks

Task            Tags        Score
static1         upx         7/10
behavioral1     discovery   7/10
behavioral2     discovery   7/10
behavioral3                 3/10
behavioral4                 3/10
behavioral5                 3/10
behavioral6                 3/10
behavioral7                 3/10
behavioral8                 3/10
behavioral9                 7/10
behavioral10                7/10
behavioral11                3/10
behavioral12                3/10
behavioral13                3/10
behavioral14                3/10
behavioral15                1/10
behavioral16                1/10
behavioral17                7/10
behavioral18                7/10
behavioral19                3/10
behavioral20                3/10
behavioral21                3/10
behavioral22                3/10
behavioral23                1/10
behavioral24                3/10
behavioral25    upx         7/10
behavioral26    upx         7/10
behavioral27                3/10
behavioral28                3/10
behavioral29                3/10
behavioral30                3/10
behavioral31                3/10
behavioral32                3/10