General

  • Target

    VirusShare_4b15ce2c934b83ce5a6b11deca81c622

  • Size

    657KB

  • Sample

    240204-qpdh9adacq

  • MD5

    4b15ce2c934b83ce5a6b11deca81c622

  • SHA1

    834db7736253891225f9d9fba2e520d0889c2b92

  • SHA256

    8955bb807f93600c53d3d61aaa21d67584daaa9d8afe2800807526b23dea5835

  • SHA512

    9f1f42de7139b1413d80c316e364d1f900a4c9973389973a1d2a2529ef3c6a7f0452afa79951d707fc2042ef68827c32031a59c236aacbcffda40032f50e4cc8

  • SSDEEP

    12288:ojyr+GLslG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bzq4Wa/QTKJ8eP9/75uO7eU266h:ojyrZLGG4GQm4OaHYJ8eP4D5uOHBBG4q

Malware Config

Targets

    • Target

      VirusShare_4b15ce2c934b83ce5a6b11deca81c622

    • Size

      657KB

    • MD5

      4b15ce2c934b83ce5a6b11deca81c622

    • SHA1

      834db7736253891225f9d9fba2e520d0889c2b92

    • SHA256

      8955bb807f93600c53d3d61aaa21d67584daaa9d8afe2800807526b23dea5835

    • SHA512

      9f1f42de7139b1413d80c316e364d1f900a4c9973389973a1d2a2529ef3c6a7f0452afa79951d707fc2042ef68827c32031a59c236aacbcffda40032f50e4cc8

    • SSDEEP

      12288:ojyr+GLslG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bzq4Wa/QTKJ8eP9/75uO7eU266h:ojyrZLGG4GQm4OaHYJ8eP4D5uOHBBG4q

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release7247chaction.js

    • Size

      864B

    • MD5

      16408dc921a08e3962de8426b074ed09

    • SHA1

      c1a12bbb018c8b3aafa407ff8ae24d40e52f25ff

    • SHA256

      78f82e17d4ff620f609504a8f54c445960ee1fc14f1cbbb59cfe73265722f89b

    • SHA512

      c9c02f4501120354a753ad1780b30c12e74c4af237e52e08d05be3adb0bf71fb17b7d819ffdedd1778789458b97cd1819c29f38b81f2890df7120ea03e4e262f

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release7247.js

    • Size

      765B

    • MD5

      316f51bea4d9fdfca079cec33445dfd3

    • SHA1

      12d64671f44b99394e16107250fecb9fd04eaace

    • SHA256

      6720230b1c2fe4c6d0c907d4e11e88057c89e2808fb946e466c423a67927ac0a

    • SHA512

      2df55d123086d1e154b222e2c37df4f387512ccfa60cbbba2615aa49d9bea2f7dfce956bf2b66869451792ffdbbb931912723132e43e3689ad24a14e11395132

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release7247ffaction.js

    • Size

      702B

    • MD5

      38f89f574dd33673e7f50631ec8ff4c1

    • SHA1

      4907338e3a3f4f61e19044eef35af4759637310c

    • SHA256

      cea461c02db3921519aa9a1e9f107ee166d3d4152febca2f41ca63758d039c48

    • SHA512

      04b9ad851c4c95be8c665d996142ebd925096056f7d729882860d8af5789da2372190d4d04f8c79843bfc55e8628297ae86510b8a48de52667877170e279a056

    Score
    1/10
    • Target

      ie/RichMediaViewV1release7247.dll

    • Size

      85KB

    • MD5

      544b6d461ef4865c4a80493f5d327efc

    • SHA1

      ef8c9660ffc922b86023d9810683eed7f97f53b9

    • SHA256

      c691ebdab962660979ed17b5103b0897c032e83cb790212c284ec62c42670189

    • SHA512

      f304c1b5bbdb5a0f7af048dce12dd50169cc769f01e32acd14633cc12fd62e719aacf188ed1879a5117c5cb640f868e20643aaaa343aafdf0a961e4c88e85ff8

    • SSDEEP

      1536:phMWCsgyMIwP/t6hp1ZcTkrCnbCTfLlQ8HeKS:AWKyMIwP16hp1Ybga8He3

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      83d9a4e3dac7d34f4e9a61b36e439b92

    • SHA1

      7c6f68427761c413458bba33cf28f0e745de4a2a

    • SHA256

      da21e0468f3ca19790525e6e12d84c6ad6df93615c14ce6ef4763eec81095b94

    • SHA512

      f90a6743123a789304e9936c44ba62bb60530528f0b8ac7861b7d9fd0caea12c08b035250198d9def4245bcdc2b5423dbdbb690304a06fac4727be353b1c97cc

    • SSDEEP

      6144:Ue34XoRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm5:+oq4OaQQTYJ8eP4/L5uO7D3f5Bk

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks