General

  • Target

    VirusShare_2e4f053b2d61556bae2812d03519fc91

  • Size

    657KB

  • Sample

    240204-r21d8aecdr

  • MD5

    2e4f053b2d61556bae2812d03519fc91

  • SHA1

    5be50f03eb9e8c87ab0fd872025a52fcacea7f25

  • SHA256

    06e824e1a838ba18e32b330e71cf2cfd3b772011674ade89d0df2ef176a4859b

  • SHA512

    07be7aaff843be4a148793b39245c650c736a8596b11611fb38d3f217ad16b2afe0fd6341b6acabe69ca5b5519e5eecc90a3fea86520a1b4721ba0d412420c8b

  • SSDEEP

    12288:fl+bWO6gMG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BVJq4GanQTcJ8ePx/Z5uO7dApqG:fMhMG4GQm4OaHYJ8eP4D5uOHBBVM4GaE

Malware Config

Targets

    • Target

      VirusShare_2e4f053b2d61556bae2812d03519fc91

    • Size

      657KB

    • MD5

      2e4f053b2d61556bae2812d03519fc91

    • SHA1

      5be50f03eb9e8c87ab0fd872025a52fcacea7f25

    • SHA256

      06e824e1a838ba18e32b330e71cf2cfd3b772011674ade89d0df2ef176a4859b

    • SHA512

      07be7aaff843be4a148793b39245c650c736a8596b11611fb38d3f217ad16b2afe0fd6341b6acabe69ca5b5519e5eecc90a3fea86520a1b4721ba0d412420c8b

    • SSDEEP

      12288:fl+bWO6gMG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BVJq4GanQTcJ8ePx/Z5uO7dApqG:fMhMG4GQm4OaHYJ8eP4D5uOHBBVM4GaE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release94chaction.js

    • Size

      854B

    • MD5

      b1e542d1dba8a78fcdb6278e6d897ec9

    • SHA1

      ef580503748f28cb58b4f5b74c0522b014246192

    • SHA256

      9e7c1f7b76bf471be8fb39a29cb494f28742ba858f3fdd72a662d0ae625adc45

    • SHA512

      c5a5c6ce7624124588b6704967e61729723de3d40bc1735f1cf519f25fc12bc3ea9f9078d6ee111f8cf634f9a414f59ca376c9a4c78935386a9f33ab0effa8e8

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release94.js

    • Size

      759B

    • MD5

      efd810dbe2f68b5763832502dfdca557

    • SHA1

      47fd97e3aa70053878a77604e21ca1a67205779c

    • SHA256

      bc03382008aac81b25dc5ac07e457f088e4c75a94b5b36fd6633a216efd717a5

    • SHA512

      19662b82597edca918a4e8d8f83d1e8362a3a037cf9caded9bf2f1165e3ed7b2d80cdcab38f707b10ae11ebfd7a9d0be6f0548816c1a53de53824d6b260f2ef8

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release94ffaction.js

    • Size

      694B

    • MD5

      e3e5a3fa8aba7d7a2f8a9da5bc53ea78

    • SHA1

      8c0c752edd34d1188e113f0c35785d9e47857591

    • SHA256

      e774af1fab40904d95b7871d879222fb5024adff5ab343318847c1e667690e3b

    • SHA512

      7657524726bd53a46e787d114400d13c27e233ee2a1cd1c7d99ccbc1ed424ea25c55c89f62c2fb35d226c361742157175273b0f075fefefd0edbcf74c2ac8a86

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release94.dll

    • Size

      85KB

    • MD5

      123ec917e881479f47630f64640dfc43

    • SHA1

      f9073f05c5cd46da4e36cc2f5d99e63aaaa78472

    • SHA256

      cd3ad4365e4bcc9591b8268af6ccca1764ee57951ba2a8378a081c987ffb34a5

    • SHA512

      9d6d4c53fd63f24ed04e4407cfea3aff62fcddd70fc5dafa57a94c6b77779d3b22750e2770ef3089a0d2a503369b752394c4d74231f244535409a04df12c6545

    • SSDEEP

      1536:Bc/9Cs8ekkcEDtqJ6Zk8DktexnLlQE14EpY:a9eekkcEJqJ6Z4exLaE14X

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      da4c414cb44a4ebf21b9168d64a3e806

    • SHA1

      365eae43c9b14d9f72bc996f06f1810b830cb0df

    • SHA256

      3ebc6d6a3a3efdea1d9a3da0394c5dfea354c2be6b3ef7940c840b9d1a4b0966

    • SHA512

      ed8a069809ea6c3712360b5e49380cef693c328b9ffa63bbbc3b4f5150f478e6c77b7e48845fc46d855bd52b41d9ba012c26260a4ac303b3622aa05a57f71f79

    • SSDEEP

      6144:Ue34QdJRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm3:ddJq4OaQQTYJ8eP4/L5uO7D3f5BW

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks