General

  • Target: VirusShare_0cee4cd5f8c492a720a67fdf46a05b0d
  • Size: 657KB
  • Sample: 240204-qsy95adbbr
  • MD5: 0cee4cd5f8c492a720a67fdf46a05b0d
  • SHA1: 1573ca01f505a33adc12d4d8bd3322a01f9b9ebc
  • SHA256: 023e00c148855cdea324df45aa82b480ba9b01beba17d992e5f60990615b24ab
  • SHA512: 506160e03778b1557e6d6bda87d7c33faa416bfc048793c4382ee40dbb82cd36f816ff04542a2104c8af69498022522fc32c9f83b6e7311aa25ac8180d5065c2
  • SSDEEP: 12288:lFKtZCDxG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BXq4ma/QTkJ8ePJ/R5uO7nU26lB2:l07iG4GQm4OaHYJ8eP4D5uOHBBa4maeC

Malware Config

Targets

    • Target: VirusShare_0cee4cd5f8c492a720a67fdf46a05b0d

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 567KB
    • MD5: 450753ad96785a240a39deccab3af0d0
    • SHA1: 21c544064d2ffa6444508268ce258a330d459fc5
    • SHA256: 1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3
    • SHA512: c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab
    • SSDEEP: 12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU
    Score: 3/10

    • Target: ffRichMediaViewV1release83chaction.js
    • Size: 854B
    • MD5: 63c85cf691909b6e4164afea5cf75b33
    • SHA1: 6a9b6934ee6455e71e8ddf5e0aeaf0d404a59aaa
    • SHA256: cd5c006646368b16f1f162e93ba19ae54a53172faf0bfb3d9e197283f64c8556
    • SHA512: 852f8a5ba15e55892ceeb67d3b938f0c16e52fc0dd15998769a11e447477b3882052be47365c46c8171e087343550530fb824627775a7706cc898c45ae97db7c
    Score: 1/10

    • Target: ff/chrome/content/ffRichMediaViewV1release83.js
    • Size: 759B
    • MD5: ae309ae43fccab367100aa6773162b00
    • SHA1: 8b9ae152568215e159f8f5998845cf43eba117ad
    • SHA256: 99969f759b48c84f094f79fb9f417f0c44f64ac6069e31dab67a78494cad6ce8
    • SHA512: 83b6b5bfd0e8d0bdf2c3f647623c457412db29f212850b914328703771b28c1f8f60d5684205ca233e50c0b0d1ec935c3a1d07e554f21f2e772a2741a3e8a171
    Score: 1/10

    • Target: ff/chrome/content/ffRichMediaViewV1release83ffaction.js
    • Size: 694B
    • MD5: 261a6e06b87ed793c008bc72dda1536c
    • SHA1: 08c0806aedf8306c25619d73ea5b609e8c84f047
    • SHA256: 3719c71111976384a31753b2764980d9d3ca93060a941282a5e7cbe6bc5b862f
    • SHA512: b6b1f38b400904af8084d55f362594b8d4bcc3c3056842013102a1c3d9d0b0d8b774da74c8d66d7156142136b2830db6081f564986f5db9bd2a8ba8de884c6a8
    Score: 1/10

    • Target: ie/RichMediaViewV1release83.dll
    • Size: 85KB
    • MD5: eba0a596ae26a6ae4916ceb7972e9cf4
    • SHA1: a383242126cf2cccf24e6e8688cc2a78cfe5a3f1
    • SHA256: db5cf7b4a21b9fc3211d1d5e6091a10efd5e41387f4bf6548dcc0346b3e06d8d
    • SHA512: dd7c70112ceb61efc725ef313e6d8e86b98699dfc514b1f0d7fb0d009ef3b4a8e63575498460d98efff8812d0d8c08d0673af092c023e1112b529468a9ce0a2e
    • SSDEEP: 1536:bc/9Cs8ekkcEDtqJ6Zk8DkWaxnLlQeRCRskpY:k9eekkcEJqJ6ZDaxLaeRB3
    Score: 6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 289KB
    • MD5: 5aac4bc6e98a4feac7454c3012d37f47
    • SHA1: b0ce666602084f256536fffb7120ba1ad60dc081
    • SHA256: d35263e604266153e5c2d88d63143b0ea3017fbfe6241a8c975e52a96e2da6d5
    • SHA512: c02ea91712648b18afc89fd062378492643368b87b86a3e4b8dd9796b6ddf66abf72dabb6a71a7630240fc518841f70e3a43fb74df2f49e6a7f8a694e93b17e8
    • SSDEEP: 6144:Ue34WaZRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmr:Hmq4OaQQTYJ8eP4/L5uO7D3f5BS
    Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks