General

  • Target

    VirusShare_b89a2d0f47356b22a0737bcec4a20174

  • Size

    657KB

  • Sample

    240204-qnz1vsagc3

  • MD5

    b89a2d0f47356b22a0737bcec4a20174

  • SHA1

    961cdbbb49021e75a2ae426f78b1d5689de1d716

  • SHA256

    e2699838c833191295be74c4a4aaec52ebad60951ab97e7166d1038c3e475bee

  • SHA512

    fc17491e4f7e6136f0ee40a82b8d9b05ac9c5435060a48ffa17b8600c873a25d2a17c4565ec5633b2cdbe6d8c13085d47cf9fd0b30e747c7177bd38153208cba

  • SSDEEP

    12288:DkuxdG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B/q4ya/QTcJ8ePx/b5uO7ALvHXA3:DkmdG4GQm4OaHYJ8eP4D5uOHBBi4yae6

Malware Config

Targets

    • Target

      VirusShare_b89a2d0f47356b22a0737bcec4a20174

    • Size

      657KB

    • MD5

      b89a2d0f47356b22a0737bcec4a20174

    • SHA1

      961cdbbb49021e75a2ae426f78b1d5689de1d716

    • SHA256

      e2699838c833191295be74c4a4aaec52ebad60951ab97e7166d1038c3e475bee

    • SHA512

      fc17491e4f7e6136f0ee40a82b8d9b05ac9c5435060a48ffa17b8600c873a25d2a17c4565ec5633b2cdbe6d8c13085d47cf9fd0b30e747c7177bd38153208cba

    • SSDEEP

      12288:DkuxdG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B/q4ya/QTcJ8ePx/b5uO7ALvHXA3:DkmdG4GQm4OaHYJ8eP4D5uOHBBi4yae6

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release550chaction.js

    • Size

      859B

    • MD5

      627b8accd7e28c065f7fdc2ff50492e5

    • SHA1

      9b390ef8c94f9ed47dd9c1d4da35bd1b3aca7307

    • SHA256

      870a5a66e0965dd58efe8ed80f6b21f0d7503c1692935c15591d1636e3c226ec

    • SHA512

      51991c57abcc6fac1e955d31914fd3c96c157897017b81352718f6154a3eda274536ffa989c228a74d8a98332f22c5fe7692197250b29ad77a265e08fe50548c

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release550.js

    • Size

      762B

    • MD5

      ff46493bcfb1d676c70f0de29e5e0f9a

    • SHA1

      39a7d70928c1b6df3c1530ac3570322df0df1c25

    • SHA256

      2be1c47cd53026891c1bd2f7828ddb412dc912db5f611a686e43438f37f58c2f

    • SHA512

      74133a2042d792991b7e0269dbd2a69cb30fd1ea727f66365eba60e5201d74775d4cd6f7ced6d45edabd0ab6fd1deaf4897e8ecefe3964277c119dc6617ac668

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release550ffaction.js

    • Size

      698B

    • MD5

      cc6d36b5ef311b4176a3adc03d1def8b

    • SHA1

      21c64e5225018ad5dbedade8b1c0b03277b29913

    • SHA256

      6c52db1a23ec823b9981d7d099db9d51693819f77a0d999aee11893623c03a7d

    • SHA512

      a8a23f5af3ec47e9ba547df21bcd5e9bdaf6ad51ea922bf4e8e23f88aadb36edfba32525fea1dc6d3b31efef0fc29c1a13a3b818ef1ac43f555b708f61ab59e2

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release550.dll

    • Size

      85KB

    • MD5

      7cd6613b31f6ff48fb185ab16066cdc8

    • SHA1

      f979081870deadf58350e9e72f9ed2fedfeac2a6

    • SHA256

      9b38c867db1ee2d64dde2a6298b3932d36c8603297f9dbfd7c00c4045f28870b

    • SHA512

      e00a546bf9d9d201098f571f38a0ef252739c410d68d86b48e86c522b3f525f694738968a0108817e343c8599d16f48804a7ea91b4304531de599f5812f39d3b

    • SSDEEP

      1536:kkf9Csc+EE7MsV5N60GlVk8jkrw5PnqLhPLlQwbdtBZ:n9++EEwsR6FlV5Pnmawbd9

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      a38537ac1a3d657f1d3253b565444197

    • SHA1

      57e250c3e7983a1d1108bce88519f4f339d6ace7

    • SHA256

      e6a5559e051777ee128521e7aa57c161d3de3b582773901e4c455b21d7d9c2c2

    • SHA512

      4733a1a685821c3c2d7870f78cb1e20b86f1f1446c7757c3a18f8a19366188ee989afce10e86507ebc7fbc3252e99176041179864ee390218900a95af4019524

    • SSDEEP

      6144:Ue34EkRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm6:Jkq4OaQQTYJ8eP4/L5uO7D3f5BP

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks