General

  • Target

    anyfix-ios-system-recovery-en-setup (2).exe

  • Size

    7.1MB

  • Sample

    240502-xlck4sea3t

  • MD5

    9c3c41d2f9b7d33d38641e85ba0a5fd9

  • SHA1

    5e3fc663df59515cdf7eb9c4c0a43130a26689ba

  • SHA256

    0609ebd4157f1b0591ab2a98749c0073a479ffae8e3eb5ba560838bb3eaaa0c5

  • SHA512

    2a38369f24c28c310e6ed98506fc89177a00e2766a89ed992fca5867bec55f0125aa0403fe619d051044acdf6f0dfe63c230e072e3732693cd51cce43f616a06

  • SSDEEP

    98304:2aswfDVoKwsGwFzDXoAgjrpeuUaCp1o9Djk5mfZwg4yCr78VEZ7W9xlWes3bdjOi:2VwVssGOzDXYU/s5IsBwTLQGWblMLs/y

Score
7/10

Malware Config

Targets

    • Target

      anyfix-ios-system-recovery-en-setup (2).exe

    • Size

      7.1MB

    • MD5

      9c3c41d2f9b7d33d38641e85ba0a5fd9

    • SHA1

      5e3fc663df59515cdf7eb9c4c0a43130a26689ba

    • SHA256

      0609ebd4157f1b0591ab2a98749c0073a479ffae8e3eb5ba560838bb3eaaa0c5

    • SHA512

      2a38369f24c28c310e6ed98506fc89177a00e2766a89ed992fca5867bec55f0125aa0403fe619d051044acdf6f0dfe63c230e072e3732693cd51cce43f616a06

    • SSDEEP

      98304:2aswfDVoKwsGwFzDXoAgjrpeuUaCp1o9Djk5mfZwg4yCr78VEZ7W9xlWes3bdjOi:2VwVssGOzDXYU/s5IsBwTLQGWblMLs/y

    Score
    6/10
    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10
    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      7KB

    • MD5

      62e85098ce43cb3d5c422e49390b7071

    • SHA1

      df6722f155ce2a1379eff53a9ad1611ddecbb3bf

    • SHA256

      ee7e26894cbf89c93ae4df15bdb12cd9a21f5deacedfa99a01eefe8fa52daec2

    • SHA512

      dfe7438c2b46f822e2a810bc355e5226043547608d19d1c70314e4325c06ad9ad63a797905e30d19f5d9a86ee1a6d9c28f525a298731e79dbf6f3d6441179a8e

    • SSDEEP

      96:iqCVh8iNqVgRudZczLiJp2tvgaJOnT/323x3XQUPVAm6yBBECtu7ZyvN:9IhJqUudZkLi+bOni3x3X3PVR6yBBfj

    Score
    3/10
    • Target

      $PLUGINSDIR/ExecDos.dll

    • Size

      6KB

    • MD5

      774e3b33d151413dc826bf2421cd51e8

    • SHA1

      ab2928dcf6fa54bb9eb16e5f64bfcffaaeee90fa

    • SHA256

      91d5481f576382164703e4ac244052265769377838ac30233ad79c983ed9d454

    • SHA512

      3cf955b13e81e4b6edb292df751ce7f64b0cf30979f57b1609f002859b4e68adc046b6674f76f7b7ce7144382316c344c11fed02d638e62fcc8464c32795a365

    • SSDEEP

      96:38IgHUv7jr2GJ+dfuitjFVsDtwC6OcgHl7cFi1cyMV7WhWuaW:dCajridfjR6tw1OjHl7cE1KyhWua

    Score
    3/10
    • Target

      $PLUGINSDIR/GoogleTracingLib.dll

    • Size

      36KB

    • MD5

      d8fca35ff95fe00a7174177181f8bd13

    • SHA1

      fbafea4d2790dd2c0d022dfb08ded91de7f5265e

    • SHA256

      ad873f1e51e6d033e5507235ec735957256ebeeb0d3f22aa0b57bb4bd0846e4c

    • SHA512

      eb530b10f137cb0cdfdcd2c11fd9f50f774e0ce44e9d2da3e755f6a6df24fe6e7525c27b109e3e68e9d3e49a889937a22f4d9d78703b1055a83b8a58808a58ba

    • SSDEEP

      768:IWXV2fVEC5h9KclMCumc6plPHY4jq7rOZkdhKZV:8Smh9/BumTlg4kOZ+Kz

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      ca332bb753b0775d5e806e236ddcec55

    • SHA1

      f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    • SHA256

      df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    • SHA512

      2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    • SSDEEP

      192:eo24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol6Sl:k8QIl975eXqlWBrz7YLOl6

    Score
    3/10
    • Target

      $PLUGINSDIR/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/msvcp100.dll

    • Size

      593KB

    • MD5

      d029339c0f59cf662094eddf8c42b2b5

    • SHA1

      a0b6de44255ce7bfade9a5b559dd04f2972bfdc8

    • SHA256

      934d882efd3c0f3f1efbc238ef87708f3879f5bb456d30af62f3368d58b6aa4c

    • SHA512

      021d9af52e68cb7a3b0042d9ed6c9418552ee16df966f9ccedd458567c47d70471cb8851a69d3982d64571369664faeeae3be90e2e88a909005b9cdb73679c82

    • SSDEEP

      12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/

    Score
    1/10
    • Target

      $PLUGINSDIR/msvcr100.dll

    • Size

      809KB

    • MD5

      366fd6f3a451351b5df2d7c4ecf4c73a

    • SHA1

      50db750522b9630757f91b53df377fd4ed4e2d66

    • SHA256

      ae3cb6c6afba9a4aa5c85f66023c35338ca579b30326dd02918f9d55259503d5

    • SHA512

      2de764772b68a85204b7435c87e9409d753c2196cf5b2f46e7796c99a33943e167f62a92e8753eaa184cd81fb14361e83228eb1b474e0c3349ed387ec93e6130

    • SSDEEP

      12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1

    Score
    1/10
    • Target

      $PLUGINSDIR/nsDui.dll

    • Size

      3.1MB

    • MD5

      da277c7997c003698b5fb0b8bb9491bb

    • SHA1

      c897c3d8809d9af00ab05cdbd1eb3f35f9e98d23

    • SHA256

      e49008ab87c0f707fb2cac811b3a2c74ba82ee7f6e91635f5cf5ed6e3c2c09e7

    • SHA512

      cd3b73449bdbfceba3d6975f749d91f9c75b312bebc670aedb2facd42e3c0d3d4775c77bea024d949502278e7539d2052ad96411677fd663961979fa6d456367

    • SSDEEP

      49152:dlyjYo1+wiLWDEzNFoZQdHJ9A6ajb5dSr+vWcUsaTXmdQQKNkX:LyP1+kDEzNOWp9A6aBd+q/UBFHG

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      ec62e1a8d16d8f1b0eb792aa26e5de5c

    • SHA1

      faa219618aec99cffb81c312728dc56c1fdc5798

    • SHA256

      193d396fc7be5fed9d585de3c43e23d640c1dce725499f0274b3898c248545aa

    • SHA512

      cb3f3458cf734ab7b964ed25cac87ff2938292eed9caae1305b2e5975bde885f4d8b06d05d4099ef614982cd55d97e9ddc0f13bbe2cdd9fb642d008788ed3017

    • SSDEEP

      96:O7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNp38:/N8KgWAuLWxD8ZAGgmkN

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      4KB

    • MD5

      f0438a894f3a7e01a4aae8d1b5dd0289

    • SHA1

      b058e3fcfb7b550041da16bf10d8837024c38bf6

    • SHA256

      30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

    • SHA512

      f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

    • SSDEEP

      48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj

    Score
    3/10
    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      313KB

    • MD5

      06a47571ac922f82c098622b2f5f6f63

    • SHA1

      8a581c33b7f2029c41edaad55d024fc0d2d7c427

    • SHA256

      e4ab3064f2e094910ae80104ef9d371ccb74ebbeeed592582cf099acd83f5fe9

    • SHA512

      04b3d18042f1faa536e1393179f412a5644d2cf691fbc14970f79df5c0594eeedb0826b495807a3243f27aaa0380423c1f975fe857f32e057309bb3f2a529a83

    • SSDEEP

      6144:rA9ssOlBrbYr5UP4m3mC/FvBbhQ1JzI+yQKiJGxdNtsm0:r2S165UP4mL/FvBtC8zQdSDmm0

    Score
    3/10
    • Target

      $PLUGINSDIR/registry.dll

    • Size

      24KB

    • MD5

      2b7007ed0262ca02ef69d8990815cbeb

    • SHA1

      2eabe4f755213666dbbbde024a5235ddde02b47f

    • SHA256

      0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

    • SHA512

      aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

    • SSDEEP

      384:W2mvyNjH3rPnAZ4wu2QbnC7qB7PnrvScaeYA4CIDEge/QqL2AQ:/75w/OfrzB4CUxuQfA

    Score
    3/10
    • Target

      $PLUGINSDIR/uninstall.exe

    • Size

      304KB

    • MD5

      dac3b528233d00e3c2ee268b608fa4c0

    • SHA1

      6c632ad2888cd93f2aa2aef0fde309e043c90f31

    • SHA256

      0491c06f3771d5cdbe47042e8d40a17914e27a7b668b1d08e28f264b122a4dee

    • SHA512

      f1109877a1ddd5e28ebbde7814f97aea530bb6581da4670e91f9593069f182561085cf1432c505261faef9a51564f0058db436998376e056d22b0260163ae0b3

    • SSDEEP

      3072:j5szWOITsEL50jl7yI57isGg4oUeO0l2uuuuuuuuuuuuuuuuuuuDXVoE1wA3/FnZ:CzZZDFGg+mtgc/V2fo0xR6X7gpC

    Score
    5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      2KB

    • MD5

      33ec04738007e665059cf40bc0f0c22b

    • SHA1

      4196759a922e333d9b17bda5369f14c33cd5e3bc

    • SHA256

      50f735ab8f3473423e6873d628150bbc0777be7b4f6405247cddf22bb00fb6be

    • SHA512

      2318b01f0c2f2f021a618ca3e6e5c24a94df5d00154766b77160203b8b0a177c8581c7b688ffe69be93a69bc7fd06b8a589844d42447f5060fb4bcf94d8a9aef

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks