General

  • Target

    VirusShare_308b7b2f3ce35cc1c3ae16f594aa3b66

  • Size

    634KB

  • Sample

    240204-r6zcqaedgm

  • MD5

    308b7b2f3ce35cc1c3ae16f594aa3b66

  • SHA1

    e23e941175f8ae4e49312590eeff9b329162f882

  • SHA256

    eafbc245c49434ff6480d878828857d9e9fdb620b8660202f95afb5248f903ae

  • SHA512

    8944e0c32a1f2f29baf708c957f38a12140b8da490084685781d2e368daaca08fad6d94d8388693353575d74676ca8263f81679ad708d7c4b7d1e3e408458973

  • SSDEEP

    12288:S4oJxk8G4GjeZHkwuPikQ7lKH5p5H9x1ueZHkwuriZQZlKh5pQxlMjVWV:SBxk8G4GjeZEXi37l6Br1ueZEjiOZlW+

Targets

    • Target

      VirusShare_308b7b2f3ce35cc1c3ae16f594aa3b66

    • Size

      634KB

    • MD5

      308b7b2f3ce35cc1c3ae16f594aa3b66

    • SHA1

      e23e941175f8ae4e49312590eeff9b329162f882

    • SHA256

      eafbc245c49434ff6480d878828857d9e9fdb620b8660202f95afb5248f903ae

    • SHA512

      8944e0c32a1f2f29baf708c957f38a12140b8da490084685781d2e368daaca08fad6d94d8388693353575d74676ca8263f81679ad708d7c4b7d1e3e408458973

    • SSDEEP

      12288:S4oJxk8G4GjeZHkwuPikQ7lKH5p5H9x1ueZHkwuriZQZlKh5pQxlMjVWV:SBxk8G4GjeZEXi37l6Br1ueZEjiOZlW+

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the payload runs on this machine.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; a registered BHO is loaded into every Internet Explorer process at startup.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
    • Target

      ffMediaWatchV1home240chaction.js

    • Size

      829B

    • MD5

      0c8bcf747d6a1ea03c5798ab60cf6b58

    • SHA1

      36e125706009a838483ea631d9671801ccd8f00c

    • SHA256

      752da6d70b303c9b5b3af066e486f3b9f7f9c05bffa7309d0ef7171ff31edf5f

    • SHA512

      6a50b3a1d111827f684f6241ab41b46e82457ce64236c8a05bf5aec77147dc93bf4e92a8a7ed2d4afb76ded82eba81a4b8e10ec2602da4ffdfeae77116abb420

    Score
    1/10
    • Target

      ff/chrome/content/ffMediaWatchV1home240.js

    • Size

      744B

    • MD5

      c1109b2d3a82ee9e873c669f722ef384

    • SHA1

      8ca5f5c70c5ea1f7244dcd86337decd8893fa4f1

    • SHA256

      e95b2675dc97f99e80b1e0150ca116a6ae2bb827a162329bdce26e44c95de94a

    • SHA512

      b4105fb4538130842b9b2f93e1071e347deb49fdff360265a5a4e846735dd9fdf1682adf371ad559d83b7657491bfe0dcd5e9c79f23b60eef3490730d70282ba

    Score
    1/10
    • Target

      ff/chrome/content/ffMediaWatchV1home240ffaction.js

    • Size

      674B

    • MD5

      c5937ae7aef73488bff08c1cc322811d

    • SHA1

      b2928b1d9c5c0e7d86b9fe09088d2084af380904

    • SHA256

      d8682afeeee3bd2c4dcf19964d1343dbdc1c63fbcea93f310c42924bc3de6e34

    • SHA512

      f3bc9f601c0a68ce40d90b24f909e823329628fe7963d392aa447c82e6134e1d02711e0d748069681aa91bf32f7de55b780577fdb71319bd38dc01cb8623dd69

    Score
    1/10
    • Target

      ie/MediaWatchV1home240.dll

    • Size

      85KB

    • MD5

      692e88e0d46b8a790e67ae2e0ad779b8

    • SHA1

      788f23580226f94272c0c2b712f9a7699dfac33f

    • SHA256

      137959b8216856a25c76a243936b95b8a3360260be07b411dee0ee15a67d5248

    • SHA512

      7bac4bc57ff323a931ee412efe0d071ff673c72f41b3e871fa80724d6752c64251089581565b0a7af47629ddbcb702cdc51975a95c4b589103b930bb4a5a3e19

    • SSDEEP

      1536:ln/1CsEmkaMAvtahrOb8DktsfHA9glQfPrUt:912mkaMAlahrOsfguafPo

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; a registered BHO is loaded into every Internet Explorer process at startup.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      b9b8652ef1954aed8b8a3723caa9aa08

    • SHA1

      28cd88d0ab134d92cfc6190f06eba1eb951712c0

    • SHA256

      d866c1bd938e80dadbdd48810cd81e9bfdec96e686cfb473e57ac346e75790e7

    • SHA512

      e34763f594d4e231fff576e809e72224e6a8557a56575ba5a1207ebfe3578cf3c94b8de125b2f9052fe807a645afa8041e56056e2dc4eb03cc6bad0064501d90

    • SSDEEP

      6144:Ee34xQpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1h:EseZHkwuPikQ7lKH5p5H9x1h

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score
    3/10
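The hashes in this report are the simplest way to confirm whether the installer or one of the files it drops is present on a host or in a collection. The script below is an added example, not part of the sandbox report: it carries the SHA256 values listed above as indicators, hashes every file under a directory once for all four digest algorithms the report uses, and returns the matches. The directory and file contents used by `self_check()` are constructed so that the script runs offline.

```python
"""Match files on disk against the hashes listed in this report (added example)."""
import hashlib
import tempfile
from pathlib import Path

# SHA256 of each file the report lists, keyed by the name the report gives it.
REPORT_SHA256 = {
    "VirusShare_308b7b2f3ce35cc1c3ae16f594aa3b66": "eafbc245c49434ff6480d878828857d9e9fdb620b8660202f95afb5248f903ae",
    "$PLUGINSDIR/aminsis.dll": "b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539",
    "ffMediaWatchV1home240chaction.js": "752da6d70b303c9b5b3af066e486f3b9f7f9c05bffa7309d0ef7171ff31edf5f",
    "ff/chrome/content/ffMediaWatchV1home240.js": "e95b2675dc97f99e80b1e0150ca116a6ae2bb827a162329bdce26e44c95de94a",
    "ff/chrome/content/ffMediaWatchV1home240ffaction.js": "d8682afeeee3bd2c4dcf19964d1343dbdc1c63fbcea93f310c42924bc3de6e34",
    "ie/MediaWatchV1home240.dll": "137959b8216856a25c76a243936b95b8a3360260be07b411dee0ee15a67d5248",
    "uninstall.exe": "d866c1bd938e80dadbdd48810cd81e9bfdec96e686cfb473e57ac346e75790e7",
}


def hash_file(path, algorithms=("md5", "sha1", "sha256", "sha512")):
    """Hash a file in one pass, feeding every requested algorithm from the same read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, indicators=REPORT_SHA256):
    """Walk root and return [(relative_path, report_name, sha256)] for every match.
    Matching is by content only: a renamed copy still matches, a repacked one does not."""
    by_hash = {digest.lower(): name for name, digest in indicators.items()}
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        digest = hash_file(path, ("sha256",))["sha256"]
        if digest in by_hash:
            hits.append((path.relative_to(root).as_posix(), by_hash[digest], digest))
    return hits


def self_check():
    """Run scan_tree over a constructed directory: one planted match under a renamed
    file name, one unrelated bystander. The planted content is constructed, not malware."""
    planted = b"constructed stand-in for a dropped file\n"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "ie").mkdir()
        (Path(tmp) / "ie" / "renamed.bin").write_bytes(planted)
        (Path(tmp) / "readme.txt").write_bytes(b"unrelated content\n")
        indicators = dict(REPORT_SHA256)
        indicators["constructed/stand-in"] = hashlib.sha256(planted).hexdigest()
        return scan_tree(tmp, indicators)


if __name__ == "__main__":
    for rel, name, digest in self_check():
        print(f"{rel}\tmatches {name}\t{digest}")
```

Exact hashes miss rebuilt installers; the SSDEEP values in the report are there for that case. Note that the second half of the uninstall.exe fuzzy hash (`EseZHkwuPikQ7lKH5p5H9x1h`) reappears inside the main sample's (`...GjeZHkwuPikQ7lKH5p5H9x1ueZHkwu...`), which is what one expects for two installers that unpack the same `$PLUGINSDIR/aminsis.dll`; comparing ssdeep output against those strings catches such relatives that `scan_tree` does not.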
