1bd9b20c888a94b7cea6df18dcb401b599777c5c5fa0375adb2f720ab81abddc | Triage

Sharing

General

Target

VirusShare_39b9b39deb1168228ae87fa2086d43f6
Size

634KB
Sample

240204-qls5jaafe8
MD5

39b9b39deb1168228ae87fa2086d43f6
SHA1

fe5b3034b5ac5f360b456f8e29c1f59f66d93258
SHA256

1bd9b20c888a94b7cea6df18dcb401b599777c5c5fa0375adb2f720ab81abddc
SHA512

f3dd45c60be665e9023274b630f919073d9c6ab73f8f3b5d3bc2da26f86e8ff290f12786741149717b48997ef65e7ff0f8d6635fa60330f117f23bd67d5cc5f2
SSDEEP

12288:djYY/koG4GjeZHkwuPikQ7lKH5p5H9x1deZHkwu5iRQFlKd5pDCsQz7PYu:dBNG4GjeZEXi37l6Br1deZExi2Fle7Cd

Score

7^/10

adware discovery spyware stealer

Malware Config

Targets

- Target
  
  VirusShare_39b9b39deb1168228ae87fa2086d43f6
- Size
  
  634KB
- MD5
  
  39b9b39deb1168228ae87fa2086d43f6
- SHA1
  
  fe5b3034b5ac5f360b456f8e29c1f59f66d93258
- SHA256
  
  1bd9b20c888a94b7cea6df18dcb401b599777c5c5fa0375adb2f720ab81abddc
- SHA512
  
  f3dd45c60be665e9023274b630f919073d9c6ab73f8f3b5d3bc2da26f86e8ff290f12786741149717b48997ef65e7ff0f8d6635fa60330f117f23bd67d5cc5f2
- SSDEEP
  
  12288:djYY/koG4GjeZHkwuPikQ7lKH5p5H9x1deZHkwu5iRQFlKd5pDCsQz7PYu:dBNG4GjeZEXi37l6Br1deZExi2Fle7Cd
Score

7^/10

adware discovery spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10
behavioral3 behavioral4
- Target
  
  ffMediaWatchV1home289chaction.js
- Size
  
  829B
- MD5
  
  e23c495a06bc286fcacd2c642ed260b9
- SHA1
  
  32f9389e963c6b4dc1923fb9e58577828a69eb89
- SHA256
  
  203251ccbf2916eb936fef056a466af055b8f752f547cb39015b5e47725774bf
- SHA512
  
  f65718008bca0e31bc93c5ecd42e5d1d15f7a31f8e27371f77d276b699afc5d4ebf6b7d2a59768289f35c10d539d13c6ca585144444971353de3b681e00237a9
Score

1^/10
behavioral5 behavioral6
- Target
  
  ff/chrome/content/ffMediaWatchV1home289.js
- Size
  
  744B
- MD5
  
  605f5ff7fcd284ecfc8dab0cbada17db
- SHA1
  
  491a6e0650c8d006adf33eca4145763d8808871f
- SHA256
  
  bba7c70878ac61e6f6e1de3c0b53318b28675db5161a14288076dcbd1d78838c
- SHA512
  
  285f2affdd74f5fb1c60bffdf30499d0f7d972f5ec72e75bd7620ba16fcc44fc1abc1a30aa1628678c582bbeead323ecccf6e2de078b25b998f915b99551248b
Score

1^/10
behavioral7 behavioral8
- Target
  
  ff/chrome/content/ffMediaWatchV1home289ffaction.js
- Size
  
  674B
- MD5
  
  f0cb89ee6b28ff19b888540c88075997
- SHA1
  
  b5bdf75c5dc6dba51ac075c0ff6a6aa68872c4c9
- SHA256
  
  fc1dc06c657e5c07b86bbce4d2df91ba77ba58ef9b89cd232a22b9430316e761
- SHA512
  
  3fa673f74a0b3b505e072919cff7a9904a2c1c8c262d8c39e76e6a29b4d40e4406d7d4c7e42505178925c972edc8d1031504e9e67e345fe7f26fccc79541b473
Score

1^/10
behavioral10 behavioral9
- Target
  
  ie/MediaWatchV1home289.dll
- Size
  
  85KB
- MD5
  
  4d89464cb258ef6b023e5dca56e74917
- SHA1
  
  ebd1fed1b790f31ea642ef87980a3bfa6b8055d2
- SHA256
  
  abdae40439549f1dd6f831a444ef37c210e93d8700ce02ebd1b8f7b736649fbc
- SHA512
  
  0de55f2fc20773166192a427218f98c1cd6a21c0d3825b02fe376a88b7a7cf2b6deded775b396b041ee90403cbd137b58430af4b0a7e482876fba5b84f24c61f
- SSDEEP
  
  1536:67n/1CsEmkaMAvtahrOb8Dktp6HA9glQkBDz1:6r12mkaMAlahrOp6guakBX
Score

6^/10

adware stealer
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral11 behavioral12
- Target
  
  uninstall.exe
- Size
  
  285KB
- MD5
  
  3c456ca3d4422d4237bc35c79c851397
- SHA1
  
  2884118c65f56321bded1ae74674e86ae908838d
- SHA256
  
  5d09250869388a66bfc55867571a1eb2edc0bbe0295376072c2f273067476b94
- SHA512
  
  0b48acc4d824c216a49544fc17ecbe347fc1fbaf54a173fe70cf1acaa2d60a1f5ff9b2c5b6514c46574d786829e83928a538849f45988c19604690097eaff526
- SSDEEP
  
  6144:Ee34eypeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1x:XyeZHkwuPikQ7lKH5p5H9x1x
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/aminsis.dll
- Size
  
  559KB
- MD5
  
  51ba1095f0ae45a2d444bea506cb9ad4
- SHA1
  
  038a5d53d055a6d440bd2c8864c2f51db206c5e5
- SHA256
  
  b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
- SHA512
  
  f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
- SSDEEP
  
  12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
Score

3^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryspywarestealer

behavioral2

adwarediscoveryspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16