General

  • Target

    VirusShare_3924de009f8a47580a68ca1b26cf6521

  • Size

    634KB

  • Sample

    240204-r4axcaccd2

  • MD5

    3924de009f8a47580a68ca1b26cf6521

  • SHA1

    f9623e83bc548a8c4ba5ae7b1e14a598936ad84b

  • SHA256

    e8fddf79585aa209b0b804ff079e3e8f44196cf80f06a469967f4288224dfa4d

  • SHA512

    3c9b830050efdd74ede677cf4d1a05c9c274bfa5af7c6ce70da4587fde663afe5215caf22c833f639b8db084e0e1a5874cfa11923bf2d045eeb43958618a8338

  • SSDEEP

    12288:CT21PkVG4GjeZHkwuPikQ7lKH5p5H9x19eZHkwuPivQjlKT5pRxqlfh:CTAwG4GjeZEXi37l6Br19eZEHiojl4ZE

Malware Config

Targets

    • Target

      VirusShare_3924de009f8a47580a68ca1b26cf6521

    • Size

      634KB

    • MD5

      3924de009f8a47580a68ca1b26cf6521

    • SHA1

      f9623e83bc548a8c4ba5ae7b1e14a598936ad84b

    • SHA256

      e8fddf79585aa209b0b804ff079e3e8f44196cf80f06a469967f4288224dfa4d

    • SHA512

      3c9b830050efdd74ede677cf4d1a05c9c274bfa5af7c6ce70da4587fde663afe5215caf22c833f639b8db084e0e1a5874cfa11923bf2d045eeb43958618a8338

    • SSDEEP

      12288:CT21PkVG4GjeZHkwuPikQ7lKH5p5H9x19eZHkwuPivQjlKT5pRxqlfh:CTAwG4GjeZEXi37l6Br19eZEHiojl4ZE

    • Checks computer location settings

      Looks up the country code configured in the registry. This is most likely a geofence: the sample may run, or abstain, depending on the region the victim machine is configured for, so a detonation in a sandbox with a default locale may not show the full behaviour.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates installed software by reading the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view).

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, so they run inside the browser process with access to page content. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home2988chaction.js

    • Size

      834B

    • MD5

      d12a3f1f640e0de77e50e370475c2a36

    • SHA1

      6280d33f37117900b8a58b96291c719af69689a3

    • SHA256

      a228ccf36cc55450939157bb87ee1c443de6b0c05002eab43e3e23179471a7ef

    • SHA512

      3f96c4da5bec2110935e52f38fc1c7e88fb114c15f6d63b060957825f0f8660c94a2d53ba3e053e52da7725067346343e3b764294ccb30e213f03458993327eb

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2988.js

    • Size

      747B

    • MD5

      2aea62b8cd57618b00d735b67441a15a

    • SHA1

      9d04737b8b1a8f5291fe67ec67c0e07711f33aa3

    • SHA256

      5cf5f365a856099b144f8812ddc81dca116c23ddb8ceb2708491889380d16f10

    • SHA512

      112b2227b9b71196e3d7dbab70d080a07fa13d8354ee45d36a1ceba5d6e4764a675bf7b21d8fa4d974e13ab4133ba12c9b2711b3a3a4df606e90e4a1eaceac47

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2988ffaction.js

    • Size

      678B

    • MD5

      e4e954b6e2fc10d3aee34857b961d0b3

    • SHA1

      1600bfc72e2bdf12316ff020fbc17edcc8d06635

    • SHA256

      bcf092b463b385f0b670ddffc3d6dd374c8204927739089241541e8eb5aaacfc

    • SHA512

      5547798e3fdcc4a76432a5bd88c369a9c292c037bde4b8a4676d6b9823d81623e8cb3882fa0283730c3f8c95aacce1ae7a62ab973e0794a3328337dcfca45465

    • Score

      1/10

    • Target

      ie/MediaWatchV1home2988.dll

    • Size

      85KB

    • MD5

      f971fe00ce8ccf96d625f5f5f84be51c

    • SHA1

      8310fa60c440eb04ec5b3f720c4d5386642f493a

    • SHA256

      73dc6614258f4399eebac821911c1b8e57c77392479495f9ef0d53e3bcf8484a

    • SHA512

      bab24d24348a1d24925a11dc8c911a229d3eedb15ff61bdcb655f8ef2e2927c780d3ab296d9b909c593b177397cc668737dff26efb445cb686292234f75cc61b

    • SSDEEP

      1536:JP8/1CsEmka04RhRtahrOb8DkhtHHA9glQglpp:S12mka0ElahrOhHguaglp

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, so they run inside the browser process with access to page content. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      8850b80b6f0f7551f846cdbb2894d0d5

    • SHA1

      fc8e35ef3abb5478a29c95b882a8e72a61f53467

    • SHA256

      6fc529d746b7a0269bc62918677700aad640b97a2681c7fa2512203ae09348b1

    • SHA512

      012603a6e534e9f5d48412369515329a45927e87973a23360bc50217f5620ac3265718f1e6a9e36d3409f67841f85714fe48ea62f3030d6892ab56cd2f7b66c4

    • SSDEEP

      6144:Ee34BKpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1N:k6eZHkwuPikQ7lKH5p5H9x1N

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
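
The SSDEEP values above only become useful when signatures are compared, and the report lists four of them: the parent, uninstall.exe, aminsis.dll and ie/MediaWatchV1home2988.dll. As an added example (not code from the report, the sample or the ssdeep project), the following Python re-implements the comparison routine of libfuzzy (fuzzy_compare: a 7-character common-substring gate, edit distance with substitution cost 2, scaling to 0..100, and block sizes comparable only when equal or differing by exactly 2x) and runs it over those signatures. The scores in the comments are what this implementation returns; confirm with the real ssdeep tool before relying on them.

```python
"""Added example (not from the sandbox report or the ssdeep project): a Python
re-implementation of libfuzzy's fuzzy_compare(), applied to the SSDEEP
signatures listed above so the parent installer can be scored against the
files it drops without the ssdeep binary."""
from typing import Tuple

SPAMSUM_LENGTH = 64   # longest chunk ssdeep emits
ROLLING_WINDOW = 7    # chunks must share a 7-char substring to score at all
MIN_BLOCKSIZE = 3

# SSDEEP values copied from the report above.
SIG_MAIN = "12288:CT21PkVG4GjeZHkwuPikQ7lKH5p5H9x19eZHkwuPivQjlKT5pRxqlfh:CTAwG4GjeZEXi37l6Br19eZEHiojl4ZE"
SIG_UNINSTALL = "6144:Ee34BKpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1N:k6eZHkwuPikQ7lKH5p5H9x1N"
SIG_AMINSIS = "12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN"
SIG_IE_DLL = "1536:JP8/1CsEmka04RhRtahrOb8DkhtHHA9glQglpp:S12mka0ElahrOhHguaglp"


def eliminate_sequences(s: str) -> str:
    """Collapse runs of more than three identical characters to three, as ssdeep does."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def parse_signature(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk1:chunk2[,"filename"]' into its parts."""
    block, chunk1, rest = sig.split(":", 2)
    chunk2 = rest.split(",", 1)[0]
    return int(block), eliminate_sequences(chunk1), eliminate_sequences(chunk2)


def has_common_substring(s1: str, s2: str) -> bool:
    return any(s1[i:i + ROLLING_WINDOW] in s2 for i in range(len(s1) - ROLLING_WINDOW + 1))


def edit_distance(s1: str, s2: str) -> int:
    """Levenshtein distance with insert=1, delete=1, substitute=2 (libfuzzy's weights)."""
    prev = list(range(len(s2) + 1))
    for i, a in enumerate(s1, 1):
        cur = [i]
        for j, b in enumerate(s2, 1):
            cur.append(min(prev[j] + 1,                          # delete a
                           cur[j - 1] + 1,                       # insert b
                           prev[j - 1] + (0 if a == b else 2)))  # match / substitute
        prev = cur
    return prev[-1]


def score_strings(s1: str, s2: str, block_size: int) -> int:
    """Score two chunks of the same block size on a 0..100 scale."""
    if len(s1) > SPAMSUM_LENGTH or len(s2) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(s1, s2):
        return 0
    score = edit_distance(s1, s2)
    score = (score * SPAMSUM_LENGTH) // (len(s1) + len(s2))  # proportion changed, 0..64
    score = (100 * score) // SPAMSUM_LENGTH                   # rescale to 0..100
    if score >= 100:
        return 0
    score = 100 - score
    # ssdeep caps matches at very small block sizes; never triggers for the sizes seen here
    if block_size < (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(s1), len(s2)))
    return score


def fuzzy_compare(sig_a: str, sig_b: str) -> int:
    """0..100 similarity of two ssdeep signatures; 0 if their block sizes are not within 2x."""
    b1, a1, a2 = parse_signature(sig_a)
    b2, c1, c2 = parse_signature(sig_b)
    if b1 == b2:
        return max(score_strings(a1, c1, b1), score_strings(a2, c2, b1 * 2))
    if b1 == b2 * 2:
        return score_strings(a1, c2, b1)  # a's first chunk vs b's doubled-block chunk
    if b2 == b1 * 2:
        return score_strings(a2, c1, b2)
    return 0


if __name__ == "__main__":
    for name, sig in [("uninstall.exe", SIG_UNINSTALL), ("aminsis.dll", SIG_AMINSIS), ("ie DLL", SIG_IE_DLL)]:
        print(f"parent vs {name}: {fuzzy_compare(SIG_MAIN, sig)}")  # 57, 0, 0
```

Only the parent and uninstall.exe are comparable at all (12288 is twice 6144, so the parent's 12288-block chunk is matched against uninstall.exe's second chunk), and they score 57: the run eZHkwuPikQ7lKH5p5H9x1 that makes up most of uninstall.exe's second chunk also appears in the parent's first chunk. aminsis.dll shares the parent's block size but no 7-character run, so it scores 0, and the 1536-block signature of the IE DLL cannot be compared with a 12288-block signature. $PLUGINSDIR is the NSIS plugin directory, so an installer and an uninstaller produced by the same packager sharing structure is unsurprising; treat the 57 as shared packaging, not as evidence that the two carry the same payload.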
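
The two "Installs/modifies Browser Helper Object" entries above (on the parent and on ie/MediaWatchV1home2988.dll) describe a persistence and hooking mechanism that is cheap to audit on a suspect host. The following is an added example, not code from the report or from the sample: it enumerates registered BHOs in both registry views, resolves each CLSID to its InprocServer32 DLL, hashes the file and flags any SHA256 that matches the dropped DLLs listed in this report. The report gives no CLSID for the BHO, so the CLSID and install path in the constructed offline snapshot are invented.

```python
r"""Added example (not from the sandbox report or the sample): audit a Windows host for
the Browser Helper Object described above.  BHOs are registered by CLSID under
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (plus the
WOW6432Node view); each CLSID resolves to its DLL via HKCR\CLSID\{clsid}\InprocServer32.
Registry and file access are injected callables, so the same logic runs offline too."""
import hashlib
import os
import sys
from dataclasses import dataclass
from typing import Callable, List, Optional

# SHA256 values copied from the report above.
KNOWN_BAD = {
    "73dc6614258f4399eebac821911c1b8e57c77392479495f9ef0d53e3bcf8484a": "ie/MediaWatchV1home2988.dll (BHO)",
    "b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539": "$PLUGINSDIR/aminsis.dll",
}
BHO_KEYS = (  # (path under HKLM, is WOW6432Node view)
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects", False),
    (r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects", True),
)


def inproc_server_key(clsid: str, wow64: bool) -> str:
    # 32-bit COM classes on x64 are registered under HKCR\WOW6432Node\CLSID
    return (r"WOW6432Node\CLSID" if wow64 else "CLSID") + "\\" + clsid + r"\InprocServer32"


@dataclass
class BhoFinding:
    clsid: str
    wow64: bool
    dll: Optional[str]
    sha256: Optional[str]
    verdict: str


def audit_bhos(list_subkeys: Callable[[str, str], List[str]],
               read_default: Callable[[str, str], Optional[str]],
               sha256_of: Callable[[str], Optional[str]]) -> List[BhoFinding]:
    """Enumerate registered BHOs, resolve and hash each DLL, flag hashes the report lists."""
    findings: List[BhoFinding] = []
    for key, wow64 in BHO_KEYS:
        for clsid in list_subkeys("HKLM", key):
            raw = read_default("HKCR", inproc_server_key(clsid, wow64))
            dll = raw.strip().strip('"') if raw else None  # InprocServer32 paths may be quoted
            digest = (sha256_of(dll) or "").lower() if dll else ""
            if not digest:
                verdict = "unresolved"  # dangling registration or unreadable file
            elif digest in KNOWN_BAD:
                verdict = "MATCH " + KNOWN_BAD[digest]
            else:
                verdict = "unknown"
            findings.append(BhoFinding(clsid, wow64, dll, digest or None, verdict))
    return findings


# Live readers (Windows only; winreg is imported lazily so the module loads anywhere).
def winreg_list_subkeys(hive: str, path: str) -> List[str]:
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CLASSES_ROOT
    names: List[str] = []
    try:
        with winreg.OpenKey(root, path) as k:
            while True:  # EnumKey raises OSError once the subkeys are exhausted
                names.append(winreg.EnumKey(k, len(names)))
    except OSError:
        pass
    return names


def winreg_read_default(hive: str, path: str) -> Optional[str]:
    import winreg
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CLASSES_ROOT
    try:
        with winreg.OpenKey(root, path) as k:
            value, _ = winreg.QueryValueEx(k, "")  # "" selects the (Default) value
            return os.path.expandvars(str(value))  # may be REG_EXPAND_SZ
    except OSError:
        return None


def file_sha256(path: str) -> Optional[str]:
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None


# Constructed snapshot for an offline dry run; the CLSID and path are invented, not from the report.
FAKE_CLSID = "{11111111-2222-3333-4444-555555555555}"
FAKE_DLL = r"C:\Program Files (x86)\Example\MediaWatchV1home2988.dll"
FAKE_SUBKEYS = {("HKLM", BHO_KEYS[1][0]): [FAKE_CLSID]}
FAKE_DEFAULTS = {("HKCR", inproc_server_key(FAKE_CLSID, True)): '"' + FAKE_DLL + '"'}
FAKE_HASHES = {FAKE_DLL: "73dc6614258f4399eebac821911c1b8e57c77392479495f9ef0d53e3bcf8484a"}


def fake_list_subkeys(hive: str, path: str) -> List[str]:
    return list(FAKE_SUBKEYS.get((hive, path), []))


def fake_read_default(hive: str, path: str) -> Optional[str]:
    return FAKE_DEFAULTS.get((hive, path))


def fake_sha256(path: str) -> Optional[str]:
    return FAKE_HASHES.get(path)


if __name__ == "__main__":
    live = sys.platform == "win32" and "--offline" not in sys.argv
    readers = (winreg_list_subkeys, winreg_read_default, file_sha256) if live else (fake_list_subkeys, fake_read_default, fake_sha256)
    for f in audit_bhos(*readers):
        print(f"{f.clsid}  wow64={f.wow64}  {f.dll}  {f.verdict}")
```

On a Windows host it runs against the live registry (reading these keys needs no elevation); elsewhere, or with --offline, it runs against the constructed snapshot. HKCR is a merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes, so a BHO whose COM class was registered per-user still resolves when the script runs as that user. An "unknown" verdict only means the hash is not one of the two listed in this report, not that the BHO is benign.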

MITRE ATT&CK Enterprise v15

Tasks