General

  • Target

    VirusShare_2d168a220037b5dfc842618aa739c9a4

  • Size

    634KB

  • Sample

    240204-qsj57sahc8

  • MD5

    2d168a220037b5dfc842618aa739c9a4

  • SHA1

    0bf6dfa7f0bcb27ab8caf9e8a4c4f44023cc4f7a

  • SHA256

    72efb5836435fe8e7e464ef27fcccdb969a15cd7d6419ffafc2c240ac21c724e

  • SHA512

    5ee274d84a4a2d8a4101a02b5ee6b7108da628566a5471c74e00b8b457ae97a78064c4c513650a0f7afa058d2336a993efb7bc079a245fda0f80bea639518046

  • SSDEEP

    12288:1Rd4gG4GjeZHkwuPikQ7lKH5p5H9x1S5eZHkwuZi5QhlKL5pyCsQzdjVWY:1Rd4gG4GjeZEXi37l6Br1S5eZERiuhlS

Targets

    • Target

      VirusShare_2d168a220037b5dfc842618aa739c9a4

    • Size

      634KB

    • MD5

      2d168a220037b5dfc842618aa739c9a4

    • SHA1

      0bf6dfa7f0bcb27ab8caf9e8a4c4f44023cc4f7a

    • SHA256

      72efb5836435fe8e7e464ef27fcccdb969a15cd7d6419ffafc2c240ac21c724e

    • SHA512

      5ee274d84a4a2d8a4101a02b5ee6b7108da628566a5471c74e00b8b457ae97a78064c4c513650a0f7afa058d2336a993efb7bc079a245fda0f80bea639518046

    • SSDEEP

      12288:1Rd4gG4GjeZHkwuPikQ7lKH5p5H9x1S5eZHkwuZi5QhlKL5pyCsQzdjVWY:1Rd4gG4GjeZEXi37l6Br1S5eZERiuhlS

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home128chaction.js

    • Size

      829B

    • MD5

      1eade2c565b9b648d70b944d0a0f5179

    • SHA1

      9f375120ea5d5e24bb885b041d314c8777594b17

    • SHA256

      99e8dba49fbb51d5b2ac0d78bd946fc20b12c0c1a367c39dfee23d71bebd7054

    • SHA512

      a5a76f3711c5c1824a7fa08c540f6893f4167a39171a5a86b5ca3146cb686ee7bf0636b1d19e712af5b0c8b825a69366501b62b8d4d02879fd828c26f2ca5b2d

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home128.js

    • Size

      744B

    • MD5

      762bdda608e75eb6053afc55eadd4385

    • SHA1

      f2818a1388f452f57602d0598024233d058abefd

    • SHA256

      2ee774c97637ab96f85d7c9a5999a85f192b171974a4df96f4f8867f89477bba

    • SHA512

      d3e7f08f3b1cb17f64d850ec648f40694aeaa5ec59f035f1efb5beb8b0092768feaf73909cfd490b6ae22760079da4b2f704702e3bd4b17f1a44c4e9c71f764b

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home128ffaction.js

    • Size

      674B

    • MD5

      6cd194ec9076077e9915e3ec4b36a029

    • SHA1

      ede29ad9cd0af62b349b108e0a48cd11887754ca

    • SHA256

      675cf6715351d72c24c0eca1e3845fbbbe8af87a2ffa007df57a384f36de1ebc

    • SHA512

      d7e1e75dc501018c92253bf1a1cd907d1cc80e5fb7190ecf1cb62ef0dd38b127eed04119dcecc8c1c3315600110c3da01565cdd73c27ad1158ccfc045479f15a

    • Score

      1/10

    • Target

      ie/MediaWatchV1home128.dll

    • Size

      85KB

    • MD5

      a437a7988c41009aedf3a1ec996ccf0c

    • SHA1

      88c915ef42d58d97357653d9c82a162f1991d2cd

    • SHA256

      f07151052b4a151c1ab261c07bb683adee9d6ca8fdd104fe8f9ba6dd6cb5efe8

    • SHA512

      9b7864ee52a117fe8d59b0ae2d6d5bba5273c75d556a4514aee6bd7c23d2575ec07342a54f469a1851af41e2376c9405deb2a7f7a77a766f9b90b67123c8805f

    • SSDEEP

      1536:R3flScQkGMAJtasrOb8Dk9u5HgNglQcA7i7:BlikGMALasrOq5A+acAc

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      3576329cbc159e037348cf6e3f9aa8a0

    • SHA1

      e9a17c479485977bcd8b94fbaa9d7f2cff86dea8

    • SHA256

      e0e8a5402a9dd919e9c33b0ccfc70dde23d4d7ffda8419668b5bb6adf9190a2b

    • SHA512

      ea1a580a413f454546273c8c1e634400b7b2b7db7a34f336645cb926bc8b91ba7e4d60462f4f270da75a29e8f351543dc6661b0153d0ec11dc06d836b71809b9

    • SSDEEP

      6144:Ee34WRXpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1i:fR5eZHkwuPikQ7lKH5p5H9x1i

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

MITRE ATT&CK Enterprise v15
