General

  • Target

    VirusShare_0e0bd5ae6c1f7a5e618d69b992586824

  • Size

    657KB

  • Sample

    240204-r4krjsedal

  • MD5

    0e0bd5ae6c1f7a5e618d69b992586824

  • SHA1

    74fff48da44ab4e0955d5032b3b92d2f597c1577

  • SHA256

    38452e26bbed1be868d7512fd3135d86c0479f1a908ed1add267bb1435105e43

  • SHA512

    88c1b0991c39145fa61b5464ef82e7f9cf5a510264ddee9b65a9266534125222698a56f9788d81d4c0a527343787faeb10d9ba6996775cb3ad855f168cf389c7

  • SSDEEP

    12288:OGv+YG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Boq4IapQTsJ8ePj/p5uO73U260BJ:ODYG4GQm4OaHYJ8eP4D5uOHBBd4IaYsZ

Targets

    • Target

      VirusShare_0e0bd5ae6c1f7a5e618d69b992586824

    • Size

      657KB

    • MD5

      0e0bd5ae6c1f7a5e618d69b992586824

    • SHA1

      74fff48da44ab4e0955d5032b3b92d2f597c1577

    • SHA256

      38452e26bbed1be868d7512fd3135d86c0479f1a908ed1add267bb1435105e43

    • SHA512

      88c1b0991c39145fa61b5464ef82e7f9cf5a510264ddee9b65a9266534125222698a56f9788d81d4c0a527343787faeb10d9ba6996775cb3ad855f168cf389c7

    • SSDEEP

      12288:OGv+YG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Boq4IapQTsJ8ePj/p5uO73U260BJ:ODYG4GQm4OaHYJ8eP4D5uOHBBd4IaYsZ

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process when it starts.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release1111chaction.js

    • Size

      864B

    • MD5

      75036ba194197f188ebd288c80e29eb2

    • SHA1

      5b3c76700e21f6be53ad9e063f96eac9a440beab

    • SHA256

      042d660d1de99a1175bfc49032248972512d6c8328e70e7299c951c954f445a2

    • SHA512

      398972b6ce6aae7397a4b1ef37801d8554129084ee4e67509e9c228677b77de9e4867d43826d2215ef4becff8a41bf1353206f8e9138f7df2d7e9b03280bfe2d

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release1111.js

    • Size

      765B

    • MD5

      d382a81457886ddbeed4d5ec4a0bcb8d

    • SHA1

      30b5496148d3157fc4490f7b350e670f142b0fab

    • SHA256

      3897f16b087e839d71b3f1c014089a740f2e43b0243ca36ef67490d6c019f902

    • SHA512

      d21b2f77e6242c594ca3ef7b4a235419f64b1721a0f07c1c7e9c9cf4e924dcaf71c27d5c39982b48e9cf460a96f59b58562f33794c482cc5fcab54a5c746d3e9

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release1111ffaction.js

    • Size

      702B

    • MD5

      fa418d385caf7e71590e5893bcec21f8

    • SHA1

      76ca90f4968f1db39b43bffdee54cddd3d13e2e0

    • SHA256

      7efac7d7fb796dd5ea52b080098d06ae60de874f1af5fd690832d6a5650994c9

    • SHA512

      79ba8fb1c8e900526980c76e5a5a7f1c945bdf04fe81cd7bc0d58d644e79fa3744f78a4bf8077102fa7bc4ac10d21a2ebc4833209171a54a2d093a1479109a64

    Score
    1/10
    • Target

      ie/RichMediaViewV1release1111.dll

    • Size

      85KB

    • MD5

      9eb729dbfcd3de918a0307849e378e04

    • SHA1

      2c6c409787f799cc6d6c3018f717711c3c89fb98

    • SHA256

      d18f54d9aa66795975836340ad6e421cabf0be5c4f54a7c9fcb093b83f5a78bd

    • SHA512

      1de3cf0bd4a7b52ad660612b43afec9c0fe36bd927e0127c11165bf8cc950d49a9276ba08349584e5f438bd962c45342fdc917c4b19d914785b72b42743c6c39

    • SSDEEP

      1536:LhMWCsgyMIwPnt6hp1ZcTkrCF9CTfLlQjXHaS:yWKyMIwPt6hp1+9gajXHH

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process when it starts.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      dc137f5991e90d4ac195c68a273f78ce

    • SHA1

      843cb47ced8befc1dba08c4e8f77843889c4f7c7

    • SHA256

      538e1d6e3e587b062f46b05b93da1752896ef62bddf9f5adf0876686341a6b8d

    • SHA512

      d26db451cca7121d89160eadec38e964aceb6e5d9f295665fb48ab10ee4a972edf860a008f71a4b89ded9056924c4e224d3235cdf5ca877b3ccf93c5e4f8e240

    • SSDEEP

      6144:Ue3490Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmb:o0q4OaQQTYJ8eP4/L5uO7D3f5Be

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
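The behaviours listed above (a BHO installed for Internet Explorer, a file dropped in System32, an NSIS plugin and an uninstaller executed from the package) give a responder two concrete places to look on a suspect host. The PowerShell script below is an added example, not part of the sandbox report or of the sample: it enumerates every registered BHO, resolves each CLSID to the DLL it loads, hashes the DLL and compares it with the SHA256 values taken from this report, then sweeps System32 for any file with one of those hashes. The BHO registry locations and the CLSID/InProcServer32 lookup are standard Windows conventions; the 30-day LastWriteTime window for the System32 sweep is an assumption chosen to keep the scan cheap and should be widened if the infection date is unknown.

```powershell
# Added example: hunt for this report's BHO and dropped-file IOCs on a Windows host.
# Not part of the sandbox report. Run from an elevated PowerShell 5.1+ session.

# SHA256 values copied from the report above: the installer, its NSIS plugin,
# the IE BHO DLL and the embedded uninstaller.
$KnownBad = @{
    '38452e26bbed1be868d7512fd3135d86c0479f1a908ed1add267bb1435105e43' = 'VirusShare_0e0bd5ae6c1f7a5e618d69b992586824 (installer)'
    '1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3' = '$PLUGINSDIR/aminsis.dll'
    'd18f54d9aa66795975836340ad6e421cabf0be5c4f54a7c9fcb093b83f5a78bd' = 'ie/RichMediaViewV1release1111.dll (BHO)'
    '538e1d6e3e587b062f46b05b93da1752896ef62bddf9f5adf0876686341a6b8d' = 'uninstall.exe'
}

# BHO registrations live under these keys; each subkey name is the BHO's CLSID.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoDll {
    param([string]$Clsid, [switch]$Wow64)
    # The CLSID's InProcServer32 default value is the DLL path Internet Explorer loads for this BHO.
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key  = Join-Path (Join-Path $base $Clsid) 'InProcServer32'
    if (Test-Path $key) {
        $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
    }
    return $null
}

# Walk both BHO hives, resolve each CLSID to its DLL and compare the DLL hash with the report's IOCs.
$bhoFindings = foreach ($root in $BhoKeys) {
    if (-not (Test-Path $root)) { continue }
    $wow = $root -like '*WOW6432Node*'
    foreach ($sub in Get-ChildItem -Path $root) {
        $clsid = $sub.PSChildName
        $dll   = Resolve-BhoDll -Clsid $clsid -Wow64:$wow
        $hash  = $null
        $label = 'unknown (compare against your software inventory)'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash.ToLower()
            if ($KnownBad.ContainsKey($hash)) { $label = 'MATCH: ' + $KnownBad[$hash] }
        } elseif ($dll) {
            $label = 'registered but DLL missing on disk'
        } else {
            $label = 'CLSID has no InProcServer32 entry'
        }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll; SHA256 = $hash; Verdict = $label }
    }
}

# "Drops file in System32 directory": hash recently written files only (assumed 30-day window).
$cutoff = (Get-Date).AddDays(-30)
$sys32Hits = Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if ($h -and $KnownBad.ContainsKey($h.ToLower())) {
            [pscustomobject]@{ Path = $_.FullName; SHA256 = $h.ToLower(); Matches = $KnownBad[$h.ToLower()] }
        }
    }

'== Registered Browser Helper Objects =='
$bhoFindings | Format-Table -AutoSize
'== System32 files matching report hashes =='
if ($sys32Hits) { $sys32Hits | Format-Table -AutoSize } else { 'none' }
```

A BHO whose DLL is missing on disk is itself worth noting: an installer that was only partially cleaned up leaves the CLSID registered, and Internet Explorer will try to load the path on every start. Files that match by SHA256 should be preserved (not deleted) until the rest of the host has been examined, since the report also shows the sample reading browser profile data.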

MITRE ATT&CK Enterprise v15

Tasks