General

  • Target

    VirusShare_fa8dfe1ee267e55a803b35962dac2095

  • Size

    657KB

  • Sample

    240204-r4m7nscce5

  • MD5

    fa8dfe1ee267e55a803b35962dac2095

  • SHA1

    452638a39c63138abe4e167befd073e25ccaf898

  • SHA256

    bcef16b929b06d23c6811cd929b58328ff3fe394c1cc0d3f910ad10d4812b757

  • SHA512

    73a57cce283c3819f64cd1bda2a622dafb5b11df76a0ef3bc91841c507f6c5b8d2d03de239cf0cd9f5c04ed711ea480b3243a9c287cc49c6636959f53900ae72

  • SSDEEP

    12288:m8HbfCBzG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BDq4WarQTwJ8ePB/p5uO71U26eB/:m0bfIzG4GQm4OaHYJ8eP4D5uOHBBW4WM

Malware Config

Targets

    • Target

      VirusShare_fa8dfe1ee267e55a803b35962dac2095

    • Size

      657KB

    • MD5

      fa8dfe1ee267e55a803b35962dac2095

    • SHA1

      452638a39c63138abe4e167befd073e25ccaf898

    • SHA256

      bcef16b929b06d23c6811cd929b58328ff3fe394c1cc0d3f910ad10d4812b757

    • SHA512

      73a57cce283c3819f64cd1bda2a622dafb5b11df76a0ef3bc91841c507f6c5b8d2d03de239cf0cd9f5c04ed711ea480b3243a9c287cc49c6636959f53900ae72

    • SSDEEP

      12288:m8HbfCBzG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BDq4WarQTwJ8ePB/p5uO71U26eB/:m0bfIzG4GQm4OaHYJ8eP4D5uOHBBW4WM

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence, so the sample can run or abort depending on the victim's configured region.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. An installer that ships browser add-ons (see the ff/ and ie/ files in this report) also reads profile data to find where to place them, so this signature on its own does not establish credential theft.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the Wow6432Node and HKCU variants), the same entries Add/Remove Programs shows, to inventory installed software; installers commonly do this to detect security products, an earlier version of themselves or a competing bundle.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads in-process at startup. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (with a Wow6432Node view on 64-bit Windows), run with the browser's privileges and see every page and request, which is why adware and spyware use them for persistence and traffic manipulation.

    • Drops file in System32 directory
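
The registry lookups and the System32 drop flagged above are easy to replay or check on a live host. The PowerShell below is an added example written for this page, not code from the report or from the sample: it reads the configured home location the way a geofence check would, walks the same Uninstall keys, and lists recently written System32 files that lack a valid Authenticode signature. Two things are assumptions rather than facts from the report: that the geofence read targets the GeoID under HKCU\Control Panel\International\Geo (the report does not say which value the sample reads), and the 'RichMediaView' display-name filter, which is only a guess derived from the dropped file names.

```powershell
# Added example for this page (not code from the report or the sample).
# Assumptions: the geofence read uses the GeoID under HKCU\Control Panel\International\Geo;
# the 'RichMediaView' filter in the usage section is a guess at the product name.

function Get-ConfiguredCountry {
    # Windows keeps the user's "home location" as a numeric GeoID (e.g. 244 = United States);
    # a geofence check reads this value or the equivalent Win32 API and bails out on
    # unwanted regions. Read it both from the registry and through the supported cmdlet.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $api = Get-WinHomeLocation -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RegistryGeoId = $geo.Nation      # REG_SZ holding the GeoID as a decimal string
        RegistryName  = $geo.Name        # ISO 3166 alpha-2 code, present on newer builds
        ApiGeoId      = $api.GeoId
        HomeLocation  = $api.HomeLocation
    }
}

function Get-InstalledSoftware {
    # The enumeration the report describes: walk the native, WOW64 and per-user Uninstall
    # keys and emit one object per registered product.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.DisplayName) {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    Publisher       = $p.Publisher
                    InstallDate     = $p.InstallDate
                    UninstallString = $p.UninstallString
                    Key             = $_.Name
                }
            }
        }
    }
}

function Get-RecentUnsignedSystem32Files {
    param([int]$Days = 7)
    # "Drops file in System32 directory": anything written there recently that does not
    # carry a valid Authenticode (or catalog) signature is worth hashing against the IOCs.
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path "$env:windir\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path          = $_.FullName
                    LastWriteTime = $_.LastWriteTime
                    Signature     = $sig.Status
                    Sha256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Usage
Get-ConfiguredCountry
Get-InstalledSoftware | Where-Object { $_.DisplayName -like '*RichMediaView*' }   # assumed name
Get-RecentUnsignedSystem32Files -Days 7 | Format-Table -AutoSize
```

Run it in an elevated Windows PowerShell 5.1 or PowerShell 7 session; Get-WinHomeLocation comes from the International module shipped with Windows 8 and later. Catalog-signed OS files report as Valid and drop out of the last query, so what remains is the short list of unsigned or self-signed newcomers to compare against the hashes in this report.
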

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release8189chaction.js

    • Size

      864B

    • MD5

      d9e69eb7f295fa318860dfd966be3415

    • SHA1

      3b3e9e94d320a1235cae019d4b592784d72aac6d

    • SHA256

      11bf3eb6e54b29e004a35fbe515235de5b521d6a6fd0d068121613bf65dc5bc6

    • SHA512

      a5304d593e14cf402de61b0fb801b4cda0cbc219e0bcd3e3356516183d6a0141af5729a2049b7f322d2c07ba0bf301fc952be831fbac962fa6a56a0cedc3225e

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release8189.js

    • Size

      765B

    • MD5

      c126a5c86be1153bbc511d54c7d09abf

    • SHA1

      8ea87238f8f93a22397be1cf99d3927b72027081

    • SHA256

      48d523238f25820120fee0794ed6590f888da80df18f1d7d292b748d1272cf9d

    • SHA512

      4d12bb9a2ec2bf8bb1d127b4d2e43cff5c8068ee137bfc8b2703d2a75b3306d6ff7b5e76406d14322d59979a5da2adad67a0478bd4902a05b02e8594e657bcfd

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release8189ffaction.js

    • Size

      702B

    • MD5

      ddad6f934925030398d605db24fe2bd3

    • SHA1

      eb6760499c86bf4f698e0f6aa378f49949239529

    • SHA256

      5f55b14ac186587e669c59c913350d801bde2bb491d7c95f30d42129bf5a68ab

    • SHA512

      40c2f687bf14fbee5ab5e59d16396e0746aa06016af58cc2591c1f2824e6d7f94264cf509b4c756968e573b9f1c388e4fb53b19e1c5a4b3a051d43ba835be709

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release8189.dll

    • Size

      85KB

    • MD5

      4bd0ed03906503b4f1e97bada76a03be

    • SHA1

      2a0cdc6cb2f0f7c9a5b871791bd40cc878a21f77

    • SHA256

      56af6bdf33fe2d264a8bd68a778bf8b46fe03af27a7e487edb379bf4f48e91d4

    • SHA512

      5da948a9a23a4f236210736bc0e469aa88996f7ae9e2cb68841e554d898899f5be35989da395207bd0118bfee3bec1582a1e43a95e9b8ccb64e543f3748ddf37

    • SSDEEP

      1536:phMWCsgyMIwP/t6hp1ZcTkrC1UCTfLlQoHLaS:AWKyMIwP16hp12UgaoHLH

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads in-process at startup. The registration lives under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, keyed by CLSID, and that CLSID's InprocServer32 default value names the DLL; once loaded it runs with the browser's privileges and sees every page and request.
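
Both BHO findings on this page (the one on the main sample and the one on ie/RichMediaViewV1release8189.dll) come down to a registry registration that can be audited directly. The PowerShell below is an added example for this page, not code from the report or from the sample: it walks the Browser Helper Objects keys, resolves each CLSID to the DLL IE would load, hashes it, and flags entries whose SHA256 equals the report's value for ie/RichMediaViewV1release8189.dll, whose DLL is unsigned, or whose DLL is missing. The only data taken from the report is that hash; the HKCU sweep is an assumption included for completeness, since IE itself loads BHOs from the HKLM key.

```powershell
# Added example for this page (not code from the report or the sample).
# Only the SHA256 below is taken from the report; the registry layout is standard.
# Assumption: the HKCU sweep is for completeness, IE itself loads BHOs from HKLM.

$KnownBhoSha256 = @{
    '56AF6BDF33FE2D264A8BD68A778BF8B46FE03AF27A7E487EDB379BF4F48E91D4' = 'ie/RichMediaViewV1release8189.dll (this report)'
}

function Get-BrowserHelperObjects {
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    # The BHO key only lists CLSIDs; the DLL path is the default value of
    # CLSID\{...}\InprocServer32. Look in the native and the WOW64 CLSID views so a
    # 32-bit BHO on 64-bit Windows is not reported as missing.
    $clsidRoots = @(
        'Registry::HKEY_CLASSES_ROOT\CLSID',
        'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
    )
    foreach ($root in $bhoRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            $dll   = $null
            foreach ($cr in $clsidRoots) {
                $inproc = Get-ItemProperty -Path "$cr\$clsid\InprocServer32" -ErrorAction SilentlyContinue
                if ($inproc -and $inproc.'(default)') {
                    $dll = [Environment]::ExpandEnvironmentVariables($inproc.'(default)')
                    break
                }
            }
            $hash = $null
            $sig  = 'FileMissing'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
                $sig  = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            $known = if ($hash -and $KnownBhoSha256.ContainsKey($hash)) { $KnownBhoSha256[$hash] } else { $null }
            [pscustomobject]@{
                Hive      = $root.Split(':')[0]
                Clsid     = $clsid
                Dll       = $dll
                Sha256    = $hash
                Signature = $sig
                KnownBad  = $known
                # A dangling registration (DLL gone), an unsigned DLL or a hash hit all merit a look.
                Suspect   = [bool]$known -or ($sig -ne 'Valid')
            }
        }
    }
}

# Usage: one object per registration; filter on Suspect for the short list.
Get-BrowserHelperObjects | Where-Object Suspect | Format-List
```

Legitimate BHOs from large vendors are signed and will not appear in the filtered output; an unsigned DLL under a user-writable path, or a CLSID whose InprocServer32 no longer resolves, is the pattern to chase, and a hash hit on the report's value is a confirmed find.
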

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      63cc900ea634ae5eb6ea00c6d17325b8

    • SHA1

      1008211fda263a185faa407e6c0ef9d0515b9971

    • SHA256

      5ef3f7ca52c04c8bb12149bd1ac4119c29670c01cce4cbd36475887998cfe759

    • SHA512

      fb87f16a2d98d00a1d0ab8150834dfd33bc4889dd2dd34332da03bbb16a7c9e001b838a31f191cb0c54afb23514865770425d7403824e29e9f73aceccb00d051

    • SSDEEP

      6144:Ue34F8Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmx:Q8q4OaQQTYJ8eP4/L5uO7D3f5Bw

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. For an uninstaller that ships browser add-ons (the ff/ and ie/ files in this report), reading profile data is equally consistent with locating the components it has to remove, so treat this signature as a lead rather than proof of theft.
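
uninstall.exe executes a dropped EXE, loads a dropped DLL and reads browser profile data, and the file list on this page says where its pieces are likely to land: $PLUGINSDIR is NSIS's per-run plugin extraction directory (so the sample is an NSIS-built installer), and the ff/chrome/content/*.js files follow the layout of a legacy Firefox extension. The PowerShell below is an added example written for this page, not the report's or the sample's code: it sweeps leftover NSIS plugin directories, every Firefox profile's extensions folder and any extra roots passed in, and matches each file's SHA256 against the hash set printed on this page. The hash table is copied from the report; that NSIS uses %TEMP%\ns*.tmp for $PLUGINSDIR and that the extension ends up in a profile's extensions folder are assumptions.

```powershell
# Added example for this page (not code from the report or the sample).
# Hashes and names in $Iocs are copied from the report. Assumptions: NSIS extracts
# $PLUGINSDIR to %TEMP%\ns*.tmp, and the ff/chrome/content/*.js files belong to a Firefox
# extension installed into a profile's extensions folder.

$Iocs = @{
    'BCEF16B929B06D23C6811CD929B58328FF3FE394C1CC0D3F910AD10D4812B757' = 'VirusShare_fa8dfe1ee267e55a803b35962dac2095'
    '1C371DCC6C3428EA98FB0D2DCB612B4EBC731F3ED72E683C8E33058CD2A952D3' = '$PLUGINSDIR/aminsis.dll'
    '11BF3EB6E54B29E004A35FBE515235DE5B521D6A6FD0D068121613BF65DC5BC6' = 'ffRichMediaViewV1release8189chaction.js'
    '48D523238F25820120FEE0794ED6590F888DA80DF18F1D7D292B748D1272CF9D' = 'ff/chrome/content/ffRichMediaViewV1release8189.js'
    '5F55B14AC186587E669C59C913350D801BDE2BB491D7C95F30D42129BF5A68AB' = 'ff/chrome/content/ffRichMediaViewV1release8189ffaction.js'
    '56AF6BDF33FE2D264A8BD68A778BF8B46FE03AF27A7E487EDB379BF4F48E91D4' = 'ie/RichMediaViewV1release8189.dll'
    '5EF3F7CA52C04C8BB12149BD1AC4119C29670C01CCE4CBD36475887998CFE759' = 'uninstall.exe'
}

function Get-FirefoxProfileDirs {
    # profiles.ini is a plain INI: [ProfileN] sections carrying Path= and IsRelative=.
    $ini = Join-Path $env:APPDATA 'Mozilla\Firefox\profiles.ini'
    if (-not (Test-Path -LiteralPath $ini)) { return }
    $sections = @()
    $cur = @{}
    foreach ($line in Get-Content -LiteralPath $ini) {
        if ($line -match '^\[(.+)\]$')     { $cur = @{}; $sections += $cur; continue }
        if ($line -match '^([^=]+)=(.*)$') { $cur[$Matches[1].Trim()] = $Matches[2].Trim() }
    }
    foreach ($s in $sections) {
        if (-not $s.Path) { continue }                 # [General] and [Install*] have no Path
        if ($s.IsRelative -eq '0') { $s.Path }
        else { Join-Path (Split-Path -Parent $ini) ($s.Path -replace '/', '\') }
    }
}

function Find-ReportIocs {
    param([string[]]$ExtraRoots = @())
    # Candidate roots: leftover NSIS plugin dirs, Firefox extension dirs, anything passed in.
    $roots = @()
    $roots += Get-ChildItem -Path (Join-Path $env:TEMP 'ns*.tmp') -Directory -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty FullName
    $roots += Get-FirefoxProfileDirs | ForEach-Object { Join-Path $_ 'extensions' }
    $roots += $ExtraRoots
    $roots  = $roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

    foreach ($r in $roots) {
        Get-ChildItem -LiteralPath $r -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($h -and $Iocs.ContainsKey($h.ToUpperInvariant())) {
                [pscustomobject]@{
                    Path       = $_.FullName
                    Sha256     = $h
                    ReportName = $Iocs[$h.ToUpperInvariant()]
                    LastWrite  = $_.LastWriteTime
                }
            }
        }
    }
}

# Usage: default roots only; pass -ExtraRoots for further directories (recursive, so keep them small).
Find-ReportIocs | Format-Table -AutoSize
```

Run it per user, since both %TEMP% and the Firefox profile path are user-specific. An empty result does not clear the host: NSIS removes its plugin directory on a clean exit, and the installer may have written the add-on files elsewhere, so pair this sweep with the BHO and System32 checks above.
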

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks