General

  • Target

    VirusShare_7c4787898eb7a43eda66d58b84127cc2

  • Size

    634KB

  • Sample

    240204-qn4n2sdabp

  • MD5

    7c4787898eb7a43eda66d58b84127cc2

  • SHA1

    7056f9d702c1df2a5ab8dd4b990410816eef7567

  • SHA256

    c6d55d8f8b72a69a2434b691c1060cc202b02ae4e08e3d99b94829337cdda003

  • SHA512

    00b40ffe66294e26fe4aa226bf065e005235e820945b8f1d86b59cb61857152006bc41c68b608fb87419336ce82633632a6a25e37d16231c26c4e8b9bccb349a

  • SSDEEP

    12288:roeUeHtG4GjeZHkwuPikQ7lKH5p5H9x10eZHkwulinQZlKR5pxxoiRa:rOeNG4GjeZEXi37l6Br10eZE9iQZl2pS

Targets

    • Target

      VirusShare_7c4787898eb7a43eda66d58b84127cc2

    • Size

      634KB

    • MD5

      7c4787898eb7a43eda66d58b84127cc2

    • SHA1

      7056f9d702c1df2a5ab8dd4b990410816eef7567

    • SHA256

      c6d55d8f8b72a69a2434b691c1060cc202b02ae4e08e3d99b94829337cdda003

    • SHA512

      00b40ffe66294e26fe4aa226bf065e005235e820945b8f1d86b59cb61857152006bc41c68b608fb87419336ce82633632a6a25e37d16231c26c4e8b9bccb349a

    • SSDEEP

      12288:roeUeHtG4GjeZHkwuPikQ7lKH5p5H9x10eZHkwulinQZlKR5pxxoiRa:rOeNG4GjeZEXi37l6Br10eZE9iQZl2pS

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home3719chaction.js

    • Size

      834B

    • MD5

      6241a38e794bf5883bbbd37ec1f6a372

    • SHA1

      8baf0dc195a253c4dbe381df0ab305d22fa99551

    • SHA256

      59a7f0e3a5488eb37e450abe4a021a55a418411f5b3345826694c3f802db0369

    • SHA512

      c822be17628e01e4fed2e5939d22d3e4c3c0c51608243cfa4199dd9770c196df8a8bee87df35a9bdc5e4a215cde1db84bd4eb054e56ca7b7b45b02a634234b5d

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3719.js

    • Size

      747B

    • MD5

      c52eec931b92f19a4a3b843c8d791ac2

    • SHA1

      9622e60592eca9ad872ca5bca19f597fc4496d52

    • SHA256

      c77efe8acc7fc445bc530592cd79bd54eaa44ad7d892d3d8cfa7b9112774eb18

    • SHA512

      2beed5fccaded8c2df6b586d094cec36ca666f4e3d907626e6e97536af4170b3d939ca2cbe6a9fe4079ee82da9856b7fa4f29574644f16c5f1f39be07041d297

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3719ffaction.js

    • Size

      678B

    • MD5

      7a7e4b40de21b5ee364cd68467d81fba

    • SHA1

      d0679ecb5ff96cc62d04ba63814b92c9ee373d0e

    • SHA256

      8c415e47eb28eb5225c929aa820f965bfbfe6825f52c98d1c04a8dd0902dc5c8

    • SHA512

      abab5fa40114ad99a2eaf29a280b5a72d419c7f5ef7b5ad3097c2fb4be7c0a51e56aa8578232493c8e3ec145121b91f49cd6d986537d888599ffd2d9724021d6

    • Score

      1/10

    • Target

      ie/MediaWatchV1home3719.dll

    • Size

      85KB

    • MD5

      6baf24f3d8f0f7dd081b688d10f05148

    • SHA1

      18ab9b0d6f49104974a400e33eef3af80c26311f

    • SHA256

      a8531575b4a3c882fec2552613cb38af9dc064cb5eb54ad72368bbd0c9f14ae5

    • SHA512

      ac3a27cb16875c089d9710f65d5a6a64ec320f839f604ff61a6f0020549930f166c7db555adae5861c606cf51d6716c4f04bdcdb363f21359e3a653a036bd892

    • SSDEEP

      1536:E8/1CsEmka04RhRtahrOb8Dkhl34HA9glQk3lh:/12mka0ElahrOhoguak3l

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      5a7c34ed1265668ffa708ca1464040a9

    • SHA1

      b1439e138783706440b969dd594093c4cefa6bd0

    • SHA256

      492e2970234a090b1f6531506c5fc72889f6b1068022cedc0f95aec7da0d6d06

    • SHA512

      a3dac81016db20a2ca5638079d46bdf7acc54fbeb26fdae97a82f11203d0dfd6419cfe6d3cce7a2f2a7d576abe205f94ae63104dd3391c6b0deceefa33084919

    • SSDEEP

      6144:Ee348ppeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1R:5PeZHkwuPikQ7lKH5p5H9x1R

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
