General

  • Target

    VirusShare_1cefb165d201416e3757858f2afd08be

  • Size

    634KB

  • Sample

    240204-r54k2seddq

  • MD5

    1cefb165d201416e3757858f2afd08be

  • SHA1

    f4d453426eb9ec2bbe3b678ad94acf0ae20d713c

  • SHA256

    6a47d989dd099a8a783abffb5170fd78dc139cbb06e2b1365e112d0bb0ca04ea

  • SHA512

    156a6f8ccaeedc714fbf8c92e1b7e83083052ce4a64f9566b1351cfd574b68a9e0dbb33cf624e4cb220f3c670eb31dfa38a8f8e42adfc950e31932e6b0d8b6e3

  • SSDEEP

    12288:gM7C4xCrG4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwulinQZlKR5pxxoiRd:gMqG4GjeZEXi37l6Br1SeZE9iQZl2paI

Targets

    • Target

      VirusShare_1cefb165d201416e3757858f2afd08be

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home3277chaction.js

    • Size

      834B

    • MD5

      d89ebebe73ed8f7090367c8846e0aa44

    • SHA1

      6ea28c4783ae010c66a222ce161a1311112bc643

    • SHA256

      911cd16475609a3ba9455a63ee2dd52685e9e422b43da023856406eeaaf86a35

    • SHA512

      00bf1bd73ff5aa115d3b0e050ffefc1f771f1f62253ad39a4285195a1ced582e778fea50ffb6bd0f6eec95682b24bc9041ff112fa7f3632d8b71699b7d9ee797

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3277.js

    • Size

      747B

    • MD5

      7afa94cfbf7dd6954b7cab1b248c8757

    • SHA1

      200fe901dfb56fce332638b75d1a2cbdb8572223

    • SHA256

      359662ef9f3554ce6756eaed6a94fb5cf2444b5549c8afccb3cf2a7113f3ec08

    • SHA512

      6b40679691d6fce40163292651a34f748833cd0653c6c83c189642b7dd8615c00a8798424b7eb401075fe2bc0d52aa441a72f26ee1a179f6b5ae719f3af72bfd

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3277ffaction.js

    • Size

      678B

    • MD5

      be483ddce62af737965aee0170772cd1

    • SHA1

      ca66cdfd9ca10506020f96d0799a1706bb7b5b61

    • SHA256

      ccaa3c18a77275678c2239f89cf95d34aab61950f4b469164b1f1f1a0b3eff4e

    • SHA512

      f8f176eae06514a5166ee7bfcb462642c9f29c321c6a8492fb003b15a3ea8a953da3c4b3c64f2b03295adffe1c45b62ef9de98d3ecaf52ba0251dccf6b6023d2

    • Score

      1/10

    • Target

      ie/MediaWatchV1home3277.dll

    • Size

      85KB

    • MD5

      a8258cf475c843adf13f64825c7f4dc2

    • SHA1

      9c1212bd2447604289d13daf1daafa6ee7d36f1a

    • SHA256

      26f35b5a1aa05cab4a7617ed54129445de480e003fefc516bfe2798914eb8b9e

    • SHA512

      6b8767aeb5faad6a72f37c40a0f0201ab7618738b3304f3605f102c03fc0ac0cc6b954f984103d1938117dbc3a56babb61e29ddb884c65bf132eb20a8edffbcf

    • SSDEEP

      1536:K8/1CsEmka04RhRtahrOb8Dkh8WeHA9glQpJ2Z:l12mka0ElahrOTeguapJ2

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      a24dd9bf656cffb527c9a858892d8f09

    • SHA1

      101b2dc3e40d48b736551b7a8bde396d100a1592

    • SHA256

      519c1e69b63805a6aab2b2b65ace0024bb6d436c0ad41c870213517ef8206fe5

    • SHA512

      f6902215e8fb2451e2a2ce3b5ee6b0847dd5540a3945ba68bc50283ea9dd6a18351780501a5e32e9e9aaad00746b1cb05c333f5954e36028d234217d73e3c779

    • SSDEEP

      6144:Ee34f/peZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1C:GReZHkwuPikQ7lKH5p5H9x1C

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      $PLUGINSDIR/aminsis.dll
