General

  • Target

    anyunlock-iphone-password-unlocker-en-official-setup.exe

  • Size

    14.2MB

  • Sample

    241109-1qvt2ataqp

  • MD5

    b498487c69b8fc080f196ebc2d127075

  • SHA1

    83596bb1dd85f2d38179296c079e7684a3654791

  • SHA256

    70c6123839dc03425f35f4f8fbe251ae559e88bc5593ebb7d59e6dea742ed62f

  • SHA512

    6e28e9cae5c0ca0f767229ab90805f4a615fd3a1d1cd4b5f857443dfdb99a8d3c307cacaf12365c398c2f25215526b13d708e35ed7dbb758dca15a746d679b3b

  • SSDEEP

    393216:SYn3CBqaOPkW9cMnn4BBmeCg4DjnchSa7UI0:SYSBqaOPkWGMnYmffncwn

Malware Config

Targets

    • Target

      anyunlock-iphone-password-unlocker-en-official-setup.exe

    • Size

      14.2MB

    • MD5

      b498487c69b8fc080f196ebc2d127075

    • SHA1

      83596bb1dd85f2d38179296c079e7684a3654791

    • SHA256

      70c6123839dc03425f35f4f8fbe251ae559e88bc5593ebb7d59e6dea742ed62f

    • SHA512

      6e28e9cae5c0ca0f767229ab90805f4a615fd3a1d1cd4b5f857443dfdb99a8d3c307cacaf12365c398c2f25215526b13d708e35ed7dbb758dca15a746d679b3b

    • SSDEEP

      393216:SYn3CBqaOPkW9cMnn4BBmeCg4DjnchSa7UI0:SYSBqaOPkWGMnYmffncwn

    • Modifies firewall policy service

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      18KB

    • MD5

      5422e399fabd3a344e8dcc807a48637e

    • SHA1

      59b0830698b15993671eb0dd43020041c351deb8

    • SHA256

      64e6aad5d6628bc743196a42e28df3f8dc71cdf0d2ad4c250bab872d2a3991c7

    • SHA512

      9d102954e0d7bb7e69219a14158e410c18adb85d1cca9e269f3955d3fc5e61b23872313b78d16cd6488eaac0f835b233356152575bf130f8ec91e0d481aa1493

    • SSDEEP

      384:qJqUuDf+bOQNnPV5By6ki2/iAV1/wfT3ir2WSx7bLFMGO:q8UA+bfndbd26H3iPmbLFJO

    Score
    3/10
    • Target

      $PLUGINSDIR/SkinnedControls.dll

    • Size

      77KB

    • MD5

      364bb3c9218429dd1315ad1db47e152d

    • SHA1

      3253c1a381161c268bce8c487e892c8e5dd29dc3

    • SHA256

      5f7998711ea856730139c4dac403f11b947ed94a464dc6d2d4b22f928c3a8536

    • SHA512

      d9084068a259acb9a1691d10da8610053d3abdf6dc78d7357d80d1ac794d940478d2b05c3050484680ddee4c832ae30d71a67b2c2978845e298aca48058e01f6

    • SSDEEP

      768:Q0p2dJFs6nYFg0vxrF9jd+IpMCGC8BnmmfJmLVp1aB5tEEThyX7QirbTGgyhTFDK:Q0YsX7vxGjBvJgVTadaXBTeh55axv

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      22KB

    • MD5

      86a488bf743dfab80ff142713adb5d48

    • SHA1

      02e4b39f2fa40cd4edcc42cb524dc3ce911bfdac

    • SHA256

      3924b57f8993a880d53e1e4e18eb6ba9b5dc610cbb00345c954c7e8a9078c309

    • SHA512

      0ed09bcddd5bd13a91e7b99b78e37a01a36d62a29ad74acaacbe0da6446c8523e83ed2c089d2847e4d1ba467da93e2fd2de104feb51bcda445511b334bf932c8

    • SSDEEP

      384:h8QIl975eXqlWBrz7YLOl6q6ki2/id91/wfT3ir2WSx7bLo0w4I:hgPgrfYLO8F26s3iPmbLVa

    Score
    3/10
    • Target

      $PLUGINSDIR/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      17KB

    • MD5

      eae60d4807a106d8795c4260bcc9bbee

    • SHA1

      13511a9e35c3e20c9b55016a3226a0aae52e15f3

    • SHA256

      863cfac6df27d31830edf983e68634860c3a4671303b956cfdf82f5f855b7913

    • SHA512

      27f495de634cc10aa5c0b36cb17904ca33d3241a67edc9d062d9a64f50ccf9aaf91a2a99170b43cf1fbd492ba3bbb598aa9a67e28ea41a8f990d3472a3219a71

    • SSDEEP

      384:ImKgIWhoAGgmkNW6ki2/i8MbZ+1/wfT3ir2WSx7bLb33:dzEAGLkT26p53iPmbLj

    Score
    3/10
    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      15KB

    • MD5

      8205bee74d498724aa5508e93c6d21f8

    • SHA1

      2564cc3032e59d538826596a88d80c3d022ef595

    • SHA256

      382aad28fa439b18d3d41a4652201c1d1542d73ff756a738c4cee6b75ebeca8f

    • SHA512

      67c1e7fcfbc03565ddcd0cde4a91104231b30e0e3edbfe338ba5da76085fe849ea2dea199554dd3b25b90ab9722c30fd22399932463ef4a95e6000fcb5ef3ca1

    • SSDEEP

      192:gUl64IGsjo6kSDnicMBT6iiXt4/0Xx1/wfT/5QyrWrMIoWSx++Xa21RyoWljGC:/Zt6ki2/i+/M1/wfT3ir2WSx7bLyoWlV

    Score
    3/10
    • Target

      $PLUGINSDIR/setup.exe

    • Size

      3.3MB

    • MD5

      023dfce70301896fb6b2e15eca718549

    • SHA1

      64bf799250c2d437b8dd2f0c7c7e6509394565d9

    • SHA256

      9140755badab25fcca359fe83f74a4a435ec6136302ddafb489a90f563ad4157

    • SHA512

      e47fbb80e62a02018ffd0484e21d9f80bd6469ef0df745d7f5aff7bc5ca91a487bbbcdc2d0a9b0c67352a33c97bced3f0184ba42960f1cf7c6313004fbf4eede

    • SSDEEP

      98304:lR41UPttYZbwA2PNb8XxD3GH5X3ng8SCC6akRuLy:M1eY3xbGZXXg8SCv+Ly

    Score
    3/10
    • Target

      $PLUGINSDIR/uninstall.exe

    • Size

      11.3MB

    • MD5

      6765828d8b0b8583353054be50c8250a

    • SHA1

      b736d93ac930a804379a02f4c1cc74ed465f5931

    • SHA256

      c77e04966f1595e5786e902fd85275639846283724b6337da79d946590bc6fb9

    • SHA512

      8a668dab4084e2b58ffa11d0579b65370d3ccb807e9b81c50702fa419136b9ec5f63348bc76bf1ccc7e704028c77df18d291c539abad9b6c31a8eb00af9fb382

    • SSDEEP

      196608:/hKXDpw4uLfIZmDTlbu60Q1aBhUamtyoLu7j+062UjrmXdj8DK30YtUSuCKz5:/hK1w4uLfRDTFu67IBNCLK2kdgDK30Y+

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/BgWorker.dll

    • Size

      13KB

    • MD5

      8401375a531d44e40b02c0739acf13ec

    • SHA1

      2937b881c4a1ceed819dfbe604315e2c1c320e77

    • SHA256

      d46ab59420f1eed08f2b4e93d9a2feb0986a5df703e33be0a739b0347c7dd618

    • SHA512

      f5bc08b540508b152a4cf0bbe05a1d0c0a82bd512ca59e83d4290ad078f3b4368caa57deac85de42c1b945ec3b908a5b3a7dc863a017801479437595834863d7

    • SSDEEP

      192:t9Hsl/C6kSDnicMBT6iiXtIp5F1/wfT/5QyrWrMIoWSx++Xa21R4way:r6ki2/iunF1/wfT3ir2WSx7bL4way

    Score
    3/10
    • Target

      $PLUGINSDIR/CheckProVs.dll

    • Size

      18KB

    • MD5

      5422e399fabd3a344e8dcc807a48637e

    • SHA1

      59b0830698b15993671eb0dd43020041c351deb8

    • SHA256

      64e6aad5d6628bc743196a42e28df3f8dc71cdf0d2ad4c250bab872d2a3991c7

    • SHA512

      9d102954e0d7bb7e69219a14158e410c18adb85d1cca9e269f3955d3fc5e61b23872313b78d16cd6488eaac0f835b233356152575bf130f8ec91e0d481aa1493

    • SSDEEP

      384:qJqUuDf+bOQNnPV5By6ki2/iAV1/wfT3ir2WSx7bLFMGO:q8UA+bfndbd26H3iPmbLFJO

    Score
    3/10
    • Target

      $PLUGINSDIR/GoogleTracingLib.dll

    • Size

      46KB

    • MD5

      3a914fc853188765010b73ff99834383

    • SHA1

      374b9c4bcc852e42e85aab7b142ecdd80f0c40a1

    • SHA256

      5b8cadf540dd47d19b1020bf5c0aca1b6d14d9d875b0a5794b432401c60ee5c7

    • SHA512

      1e1a26dcb480cae7dc0fb89c0e8b560206b23b85a6f56458e2019af9c67ca9f942e2c75e78052e4e0eebcfff5e7a3c5eafb5538ba776c0a40b39cafee0bce0e7

    • SSDEEP

      768:/WXV2fVEC5h9KclMCumc6plPHY4jq7rOZkdhKZVz26e3iPmbLb:zSmh9/BumTlg4kOZ+KzztQ7D

    Score
    3/10
    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      15KB

    • MD5

      0975f56f06c5d3680ce1ca46c9ffd583

    • SHA1

      87cc2a8dd5b58b734e3dd4c4f7ea1df7c3a90c93

    • SHA256

      f9882a63181c93d028c43ff86db4c8927196b5e9bfcbee1d87a8004a37b083cf

    • SHA512

      7e292bc659313ecde026ccd6cc239adf8aaeb77ccf2bb806d59900481646ac9350b72d02c86cfa61134952053e40ea4280ee05ef9625deb21053e84da0c9b8e9

    • SSDEEP

      384:Vi9ogS6x+TE6ki2/iio1/wfT3ir2WSx7bLS4I:E9ogSE+b26g3iPmbLG

    Score
    7/10
    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/SkinBtn.dll

    • Size

      15KB

    • MD5

      0325c49a03baf13592272fec2b36968e

    • SHA1

      ab10d9f3b420d7192ce6e3ceb953d94b669bdded

    • SHA256

      72ddf9ec65f49d38ed181b4e73e095524d9c83118e6d7ae705227c7351300b95

    • SHA512

      9009b5ebd7c45ecf9aa967aeddaf6b7695581ee8e212432eeaefd0777df3fbff41842975e0d09774f01b3b994500299042a004efc030162576cca925bdc0f43c

    • SSDEEP

      384:lxSX36ki2/iXmXc51/wfT3ir2WSx7bLVDDjn:cK262Xcu3iPmbLVjn

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      22KB

    • MD5

      86a488bf743dfab80ff142713adb5d48

    • SHA1

      02e4b39f2fa40cd4edcc42cb524dc3ce911bfdac

    • SHA256

      3924b57f8993a880d53e1e4e18eb6ba9b5dc610cbb00345c954c7e8a9078c309

    • SHA512

      0ed09bcddd5bd13a91e7b99b78e37a01a36d62a29ad74acaacbe0da6446c8523e83ed2c089d2847e4d1ba467da93e2fd2de104feb51bcda445511b334bf932c8

    • SSDEEP

      384:h8QIl975eXqlWBrz7YLOl6q6ki2/id91/wfT3ir2WSx7bLo0w4I:hgPgrfYLO8F26s3iPmbLVa

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      20KB

    • MD5

      607d190fafa8284451681b17106130e1

    • SHA1

      dbb86e422931fa6864b324f644ba5cb8e8254272

    • SHA256

      942dd3d2c5d1057e20ae15662c33997d816f622d2b09364fa1552142ffbae39a

    • SHA512

      1bd2a5438ecd4566a1e8efa37a187bd9ac4e22c68fa1d4c413797e144be30511f4cc7b5947d5138df276461eb6de6fb5a2ad2123704b5172e687792561023712

    • SSDEEP

      384:UBxzm+t18pZ0WAg0RzIFg46ki2/ih1xW1/wfT3ir2WSx7bL7ezYq:yupZ/Ag05f26xh3iPmbL4P

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery, evasion, persistence, privilege_escalation
Score
10/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
7/10

behavioral10

discovery
Score
7/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
7/10

behavioral18

discovery
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery, upx
Score
7/10

behavioral26

discovery, upx
Score
7/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10