General
- Target: anyunlock-iphone-password-unlocker-en-official-setup.exe
- Size: 14.2MB
- Sample: 241109-1qvt2ataqp
- MD5: b498487c69b8fc080f196ebc2d127075
- SHA1: 83596bb1dd85f2d38179296c079e7684a3654791
- SHA256: 70c6123839dc03425f35f4f8fbe251ae559e88bc5593ebb7d59e6dea742ed62f
- SHA512: 6e28e9cae5c0ca0f767229ab90805f4a615fd3a1d1cd4b5f857443dfdb99a8d3c307cacaf12365c398c2f25215526b13d708e35ed7dbb758dca15a746d679b3b
- SSDEEP: 393216:SYn3CBqaOPkW9cMnn4BBmeCg4DjnchSa7UI0:SYSBqaOPkWGMnYmffncwn
Behavioral tasks (task: sample, resource)
- behavioral1: anyunlock-iphone-password-unlocker-en-official-setup.exe, win7-20240708-en
- behavioral2: anyunlock-iphone-password-unlocker-en-official-setup.exe, win10v2004-20241007-en
- behavioral3: $PLUGINSDIR/CheckProVs.dll, win7-20240903-en
- behavioral4: $PLUGINSDIR/CheckProVs.dll, win10v2004-20241007-en
- behavioral5: $PLUGINSDIR/SkinnedControls.dll, win7-20240903-en
- behavioral6: $PLUGINSDIR/SkinnedControls.dll, win10v2004-20241007-en
- behavioral7: $PLUGINSDIR/System.dll, win7-20240903-en
- behavioral8: $PLUGINSDIR/System.dll, win10v2004-20241007-en
- behavioral9: $PLUGINSDIR/dotNetFx45_Full_setup.exe, win7-20240903-en
- behavioral10: $PLUGINSDIR/dotNetFx45_Full_setup.exe, win10v2004-20241007-en
- behavioral11: $PLUGINSDIR/nsExec.dll, win7-20241010-en
- behavioral12: $PLUGINSDIR/nsExec.dll, win10v2004-20241007-en
- behavioral13: $PLUGINSDIR/nsProcess.dll, win7-20240903-en
- behavioral14: $PLUGINSDIR/nsProcess.dll, win10v2004-20241007-en
- behavioral15: $PLUGINSDIR/setup.exe, win7-20240729-en
- behavioral16: $PLUGINSDIR/setup.exe, win10v2004-20241007-en
- behavioral17: $PLUGINSDIR/uninstall.exe, win7-20240903-en
- behavioral18: $PLUGINSDIR/uninstall.exe, win10v2004-20241007-en
- behavioral19: $PLUGINSDIR/BgWorker.dll, win7-20241023-en
- behavioral20: $PLUGINSDIR/BgWorker.dll, win10v2004-20241007-en
- behavioral21: $PLUGINSDIR/CheckProVs.dll, win7-20241010-en
- behavioral22: $PLUGINSDIR/CheckProVs.dll, win10v2004-20241007-en
- behavioral23: $PLUGINSDIR/GoogleTracingLib.dll, win7-20240903-en
- behavioral24: $PLUGINSDIR/GoogleTracingLib.dll, win10v2004-20241007-en
- behavioral25: $PLUGINSDIR/SelfDel.dll, win7-20240903-en
- behavioral26: $PLUGINSDIR/SelfDel.dll, win10v2004-20241007-en
- behavioral27: $PLUGINSDIR/SkinBtn.dll, win7-20241010-en
- behavioral28: $PLUGINSDIR/SkinBtn.dll, win10v2004-20241007-en
- behavioral29: $PLUGINSDIR/System.dll, win7-20240903-en
- behavioral30: $PLUGINSDIR/System.dll, win10v2004-20241007-en
- behavioral31: $PLUGINSDIR/nsDialogs.dll, win7-20240903-en
- behavioral32: $PLUGINSDIR/nsDialogs.dll, win10v2004-20241007-en
Malware Config
Targets

Target: anyunlock-iphone-password-unlocker-en-official-setup.exe
- Size: 14.2MB
- MD5: b498487c69b8fc080f196ebc2d127075
- SHA1: 83596bb1dd85f2d38179296c079e7684a3654791
- SHA256: 70c6123839dc03425f35f4f8fbe251ae559e88bc5593ebb7d59e6dea742ed62f
- SHA512: 6e28e9cae5c0ca0f767229ab90805f4a615fd3a1d1cd4b5f857443dfdb99a8d3c307cacaf12365c398c2f25215526b13d708e35ed7dbb758dca15a746d679b3b
- SSDEEP: 393216:SYn3CBqaOPkW9cMnn4BBmeCg4DjnchSa7UI0:SYSBqaOPkWGMnYmffncwn
- Score: 10/10
- Signatures:
  - Modifies firewall policy service
  - Downloads MZ/PE file
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Event Triggered Execution: Component Object Model Hijacking
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Blocklisted process makes network request
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Drops file in System32 directory

Target: $PLUGINSDIR/CheckProVs.dll
- Size: 18KB
- MD5: 5422e399fabd3a344e8dcc807a48637e
- SHA1: 59b0830698b15993671eb0dd43020041c351deb8
- SHA256: 64e6aad5d6628bc743196a42e28df3f8dc71cdf0d2ad4c250bab872d2a3991c7
- SHA512: 9d102954e0d7bb7e69219a14158e410c18adb85d1cca9e269f3955d3fc5e61b23872313b78d16cd6488eaac0f835b233356152575bf130f8ec91e0d481aa1493
- SSDEEP: 384:qJqUuDf+bOQNnPV5By6ki2/iAV1/wfT3ir2WSx7bLFMGO:q8UA+bfndbd26H3iPmbLFJO
- Score: 3/10

Target: $PLUGINSDIR/SkinnedControls.dll
- Size: 77KB
- MD5: 364bb3c9218429dd1315ad1db47e152d
- SHA1: 3253c1a381161c268bce8c487e892c8e5dd29dc3
- SHA256: 5f7998711ea856730139c4dac403f11b947ed94a464dc6d2d4b22f928c3a8536
- SHA512: d9084068a259acb9a1691d10da8610053d3abdf6dc78d7357d80d1ac794d940478d2b05c3050484680ddee4c832ae30d71a67b2c2978845e298aca48058e01f6
- SSDEEP: 768:Q0p2dJFs6nYFg0vxrF9jd+IpMCGC8BnmmfJmLVp1aB5tEEThyX7QirbTGgyhTFDK:Q0YsX7vxGjBvJgVTadaXBTeh55axv
- Score: 3/10

Target: $PLUGINSDIR/System.dll
- Size: 22KB
- MD5: 86a488bf743dfab80ff142713adb5d48
- SHA1: 02e4b39f2fa40cd4edcc42cb524dc3ce911bfdac
- SHA256: 3924b57f8993a880d53e1e4e18eb6ba9b5dc610cbb00345c954c7e8a9078c309
- SHA512: 0ed09bcddd5bd13a91e7b99b78e37a01a36d62a29ad74acaacbe0da6446c8523e83ed2c089d2847e4d1ba467da93e2fd2de104feb51bcda445511b334bf932c8
- SSDEEP: 384:h8QIl975eXqlWBrz7YLOl6q6ki2/id91/wfT3ir2WSx7bLo0w4I:hgPgrfYLO8F26s3iPmbLVa
- Score: 3/10

Target: $PLUGINSDIR/dotNetFx45_Full_setup.exe
- Size: 982KB
- MD5: 9e8253f0a993e53b4809dbd74b335227
- SHA1: f6ba6f03c65c3996a258f58324a917463b2d6ff4
- SHA256: e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a
- SHA512: 404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0
- SSDEEP: 24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax
- Score: 7/10
- Signatures:
  - Executes dropped EXE
  - Loads dropped DLL

Target: $PLUGINSDIR/nsExec.dll
- Size: 17KB
- MD5: eae60d4807a106d8795c4260bcc9bbee
- SHA1: 13511a9e35c3e20c9b55016a3226a0aae52e15f3
- SHA256: 863cfac6df27d31830edf983e68634860c3a4671303b956cfdf82f5f855b7913
- SHA512: 27f495de634cc10aa5c0b36cb17904ca33d3241a67edc9d062d9a64f50ccf9aaf91a2a99170b43cf1fbd492ba3bbb598aa9a67e28ea41a8f990d3472a3219a71
- SSDEEP: 384:ImKgIWhoAGgmkNW6ki2/i8MbZ+1/wfT3ir2WSx7bLb33:dzEAGLkT26p53iPmbLj
- Score: 3/10

Target: $PLUGINSDIR/nsProcess.dll
- Size: 15KB
- MD5: 8205bee74d498724aa5508e93c6d21f8
- SHA1: 2564cc3032e59d538826596a88d80c3d022ef595
- SHA256: 382aad28fa439b18d3d41a4652201c1d1542d73ff756a738c4cee6b75ebeca8f
- SHA512: 67c1e7fcfbc03565ddcd0cde4a91104231b30e0e3edbfe338ba5da76085fe849ea2dea199554dd3b25b90ab9722c30fd22399932463ef4a95e6000fcb5ef3ca1
- SSDEEP: 192:gUl64IGsjo6kSDnicMBT6iiXt4/0Xx1/wfT/5QyrWrMIoWSx++Xa21RyoWljGC:/Zt6ki2/i+/M1/wfT3ir2WSx7bLyoWlV
- Score: 3/10

Target: $PLUGINSDIR/setup.exe
- Size: 3.3MB
- MD5: 023dfce70301896fb6b2e15eca718549
- SHA1: 64bf799250c2d437b8dd2f0c7c7e6509394565d9
- SHA256: 9140755badab25fcca359fe83f74a4a435ec6136302ddafb489a90f563ad4157
- SHA512: e47fbb80e62a02018ffd0484e21d9f80bd6469ef0df745d7f5aff7bc5ca91a487bbbcdc2d0a9b0c67352a33c97bced3f0184ba42960f1cf7c6313004fbf4eede
- SSDEEP: 98304:lR41UPttYZbwA2PNb8XxD3GH5X3ng8SCC6akRuLy:M1eY3xbGZXXg8SCv+Ly
- Score: 3/10

Target: $PLUGINSDIR/uninstall.exe
- Size: 11.3MB
- MD5: 6765828d8b0b8583353054be50c8250a
- SHA1: b736d93ac930a804379a02f4c1cc74ed465f5931
- SHA256: c77e04966f1595e5786e902fd85275639846283724b6337da79d946590bc6fb9
- SHA512: 8a668dab4084e2b58ffa11d0579b65370d3ccb807e9b81c50702fa419136b9ec5f63348bc76bf1ccc7e704028c77df18d291c539abad9b6c31a8eb00af9fb382
- SSDEEP: 196608:/hKXDpw4uLfIZmDTlbu60Q1aBhUamtyoLu7j+062UjrmXdj8DK30YtUSuCKz5:/hK1w4uLfRDTFu67IBNCLK2kdgDK30Y+
- Score: 7/10
- Signatures:
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Loads dropped DLL

Target: $PLUGINSDIR/BgWorker.dll
- Size: 13KB
- MD5: 8401375a531d44e40b02c0739acf13ec
- SHA1: 2937b881c4a1ceed819dfbe604315e2c1c320e77
- SHA256: d46ab59420f1eed08f2b4e93d9a2feb0986a5df703e33be0a739b0347c7dd618
- SHA512: f5bc08b540508b152a4cf0bbe05a1d0c0a82bd512ca59e83d4290ad078f3b4368caa57deac85de42c1b945ec3b908a5b3a7dc863a017801479437595834863d7
- SSDEEP: 192:t9Hsl/C6kSDnicMBT6iiXtIp5F1/wfT/5QyrWrMIoWSx++Xa21R4way:r6ki2/iunF1/wfT3ir2WSx7bL4way
- Score: 3/10

Target: $PLUGINSDIR/CheckProVs.dll
- Size: 18KB
- MD5: 5422e399fabd3a344e8dcc807a48637e
- SHA1: 59b0830698b15993671eb0dd43020041c351deb8
- SHA256: 64e6aad5d6628bc743196a42e28df3f8dc71cdf0d2ad4c250bab872d2a3991c7
- SHA512: 9d102954e0d7bb7e69219a14158e410c18adb85d1cca9e269f3955d3fc5e61b23872313b78d16cd6488eaac0f835b233356152575bf130f8ec91e0d481aa1493
- SSDEEP: 384:qJqUuDf+bOQNnPV5By6ki2/iAV1/wfT3ir2WSx7bLFMGO:q8UA+bfndbd26H3iPmbLFJO
- Score: 3/10

Target: $PLUGINSDIR/GoogleTracingLib.dll
- Size: 46KB
- MD5: 3a914fc853188765010b73ff99834383
- SHA1: 374b9c4bcc852e42e85aab7b142ecdd80f0c40a1
- SHA256: 5b8cadf540dd47d19b1020bf5c0aca1b6d14d9d875b0a5794b432401c60ee5c7
- SHA512: 1e1a26dcb480cae7dc0fb89c0e8b560206b23b85a6f56458e2019af9c67ca9f942e2c75e78052e4e0eebcfff5e7a3c5eafb5538ba776c0a40b39cafee0bce0e7
- SSDEEP: 768:/WXV2fVEC5h9KclMCumc6plPHY4jq7rOZkdhKZVz26e3iPmbLb:zSmh9/BumTlg4kOZ+KzztQ7D
- Score: 3/10

Target: $PLUGINSDIR/SelfDel.dll
- Size: 15KB
- MD5: 0975f56f06c5d3680ce1ca46c9ffd583
- SHA1: 87cc2a8dd5b58b734e3dd4c4f7ea1df7c3a90c93
- SHA256: f9882a63181c93d028c43ff86db4c8927196b5e9bfcbee1d87a8004a37b083cf
- SHA512: 7e292bc659313ecde026ccd6cc239adf8aaeb77ccf2bb806d59900481646ac9350b72d02c86cfa61134952053e40ea4280ee05ef9625deb21053e84da0c9b8e9
- SSDEEP: 384:Vi9ogS6x+TE6ki2/iio1/wfT3ir2WSx7bLS4I:E9ogSE+b26g3iPmbLG
- Signatures:
  - ACProtect 1.3x - 1.4x DLL software
    Detects file using ACProtect software.

Target: $PLUGINSDIR/SkinBtn.dll
- Size: 15KB
- MD5: 0325c49a03baf13592272fec2b36968e
- SHA1: ab10d9f3b420d7192ce6e3ceb953d94b669bdded
- SHA256: 72ddf9ec65f49d38ed181b4e73e095524d9c83118e6d7ae705227c7351300b95
- SHA512: 9009b5ebd7c45ecf9aa967aeddaf6b7695581ee8e212432eeaefd0777df3fbff41842975e0d09774f01b3b994500299042a004efc030162576cca925bdc0f43c
- SSDEEP: 384:lxSX36ki2/iXmXc51/wfT3ir2WSx7bLVDDjn:cK262Xcu3iPmbLVjn
- Score: 3/10

Target: $PLUGINSDIR/System.dll
- Size: 22KB
- MD5: 86a488bf743dfab80ff142713adb5d48
- SHA1: 02e4b39f2fa40cd4edcc42cb524dc3ce911bfdac
- SHA256: 3924b57f8993a880d53e1e4e18eb6ba9b5dc610cbb00345c954c7e8a9078c309
- SHA512: 0ed09bcddd5bd13a91e7b99b78e37a01a36d62a29ad74acaacbe0da6446c8523e83ed2c089d2847e4d1ba467da93e2fd2de104feb51bcda445511b334bf932c8
- SSDEEP: 384:h8QIl975eXqlWBrz7YLOl6q6ki2/id91/wfT3ir2WSx7bLo0w4I:hgPgrfYLO8F26s3iPmbLVa
- Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
- Size: 20KB
- MD5: 607d190fafa8284451681b17106130e1
- SHA1: dbb86e422931fa6864b324f644ba5cb8e8254272
- SHA256: 942dd3d2c5d1057e20ae15662c33997d816f622d2b09364fa1552142ffbae39a
- SHA512: 1bd2a5438ecd4566a1e8efa37a187bd9ac4e22c68fa1d4c413797e144be30511f4cc7b5947d5138df276461eb6de6fb5a2ad2123704b5172e687792561023712
- SSDEEP: 384:UBxzm+t18pZ0WAg0RzIFg46ki2/ih1xW1/wfT3ir2WSx7bL7ezYq:yupZ/Ag05f26xh3iPmbL4P
- Score: 3/10
MITRE ATT&CK Enterprise v15 (technique: sub-technique, with signature counts)

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Component Object Model Hijacking (1)

Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (4)
- Subvert Trust Controls (1): Install Root Certificate (1)