903d7950652816449d56d87ca11b0557dc6729d8f42f0beafa5a51c301fbaa24 | Triage

Submit
Reports

Overview

overview

Static

static

5

iphone-unlock.exe

windows10-2004-x64

Sharing

General

Target

iphone-unlock.exe
Size

2.1MB
Sample

241121-1fkw3sxrdz
MD5

f2826b45fd5f301fa2ad9a088d15ed1e
SHA1

e68926617934aa6a6c3d20b96902aa999d1a379d
SHA256

903d7950652816449d56d87ca11b0557dc6729d8f42f0beafa5a51c301fbaa24
SHA512

bb9d6d8ae448f9d892c9d54d55b373815bde34c8a5cf8ef19c5afc2a65b1b7b67c16e3623376ea8144400ec6441d1c00dd26ef518ca4d1d4af608baeeb923f3a
SSDEEP

49152:j2d0/9MRenf3D9l1NTZ2oQ+bbl5fykix7tRDDUFE05MBGrkapFLcDF:j2don79BQF+bJ5fykKXDUFE0SBGLpFAR

Score

10^/10

discovery evasion upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

iphone-unlock.exe

Resource

win10v2004-20241007-en

discovery evasion upx vmprotect

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  iphone-unlock.exe
- Size
  
  2.1MB
- MD5
  
  f2826b45fd5f301fa2ad9a088d15ed1e
- SHA1
  
  e68926617934aa6a6c3d20b96902aa999d1a379d
- SHA256
  
  903d7950652816449d56d87ca11b0557dc6729d8f42f0beafa5a51c301fbaa24
- SHA512
  
  bb9d6d8ae448f9d892c9d54d55b373815bde34c8a5cf8ef19c5afc2a65b1b7b67c16e3623376ea8144400ec6441d1c00dd26ef518ca4d1d4af608baeeb923f3a
- SSDEEP
  
  49152:j2d0/9MRenf3D9l1NTZ2oQ+bbl5fykix7tRDDUFE05MBGrkapFLcDF:j2don79BQF+bJ5fykKXDUFE0SBGLpFAR
Score

10^/10

discovery evasion upx vmprotect
- Modifies firewall policy service
  evasion
- Modifies file permissions
  discovery
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupxvmprotect

© 2018-2024

Terms | Privacy