General

  • Target

    VirusShare_9458f8116a74615264b4fe4f30691ac3

  • Size

    657KB

  • Sample

    240204-r78yjscdf7

  • MD5

    9458f8116a74615264b4fe4f30691ac3

  • SHA1

    ed51b7d40c58ec0ec02fb8400859e53322a079ba

  • SHA256

    2d4a1eb0bda6c36c5a0cf4d9bf986515f49aaa61615fd423d7ac243c179d47ea

  • SHA512

    470f2c6fe084b0838aeeaebe5511923ff04807ce7fe69f651a4e1915588d426002ceada3c7b6a1b1d359a7b5687028ffc96600c33145a3545460d8157fcbbbb7

  • SSDEEP

    12288:DA3oihI1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bwq4ca7QTgJ8ePN/P5uO7GLvHfAk:DA3oihI1G4GQm4OaHYJ8eP4D5uOHBBFV

Targets

    • Target

      VirusShare_9458f8116a74615264b4fe4f30691ac3

    • Size

      657KB

    • MD5

      9458f8116a74615264b4fe4f30691ac3

    • SHA1

      ed51b7d40c58ec0ec02fb8400859e53322a079ba

    • SHA256

      2d4a1eb0bda6c36c5a0cf4d9bf986515f49aaa61615fd423d7ac243c179d47ea

    • SHA512

      470f2c6fe084b0838aeeaebe5511923ff04807ce7fe69f651a4e1915588d426002ceada3c7b6a1b1d359a7b5687028ffc96600c33145a3545460d8157fcbbbb7

    • SSDEEP

      12288:DA3oihI1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bwq4ca7QTgJ8ePN/P5uO7GLvHfAk:DA3oihI1G4GQm4OaHYJ8eP4D5uOHBBFV

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release90chaction.js

    • Size

      854B

    • MD5

      65c85d6d4b95aabddcdf2d01ddb56d35

    • SHA1

      bd0bdc2a2370d3abc1cd50d30b58b0922c95c953

    • SHA256

      946189b0af6951b4ec31feafa917fd1224a5f34477f37c4144979ea38063e740

    • SHA512

      8cd8b3f719dec75d18d0dd3a408857d7be8030104695a60d936d3ddf7712b5ddcf923912fe20ba6bcb0617bd69b22808fedfdda621ea99cc84a2076d931e3716

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release90.js

    • Size

      759B

    • MD5

      5379386f2a86663ab5467c09a5b60784

    • SHA1

      2728e1103ddcafa45df343163dc095cfd015659c

    • SHA256

      c8ecb463da4399d29baa4e746a11f33f9aba8b71dfb0402018ce8b22a29cb95f

    • SHA512

      56c7f59325fbc8cf4d426589a4a987b80d91e3abcca5b76b79eb6b399b2dd58698a8fb3161f70e9c54d61c4f37b38a5ad4c6e929326e65caa781cdd3ec0ef809

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release90ffaction.js

    • Size

      694B

    • MD5

      bb1e4196fbdc4134a3dcdb80b85d3a06

    • SHA1

      3de224995eab6b05239cce1c2fc3e7d70e7ab7e9

    • SHA256

      14fd5150486ba4157dc1a550cc6ae81b2dbd017793dcda5a1c0d2f1eddde374e

    • SHA512

      f7bc6a1f81950eacc9ae87f544364f17bd732aff933b1b95aa06046bb5bc53b36d8f5a32bbd92cd4d56c342239d21bd976ebda3dbd5fe49745c91e8c06da998b

    Score
    1/10
    • Target

      ie/RichMediaViewV1release90.dll

    • Size

      85KB

    • MD5

      f9a5bc54f53635254b5709f0e2a6bea3

    • SHA1

      6f62d9a0e5b0f8924428008cabf9e736a2077581

    • SHA256

      03a11dcca9e1872821facf031901d102abb66dfffdfee522faf429fab3069561

    • SHA512

      e8ac2b249906a37e40fe2fe6424606dc9cfcac7d511c943e0ed853928e6ac8a3b264fbdd9250b23dca684150bad2db45dfc0655a1ca4fce93e4706d3e4f743bd

    • SSDEEP

      1536:5sfNScAkccEltqY6Zk8DkH4x3LlQzoDiY:SNCkccEXqY6Z+4x7azoD/

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      06b2b87d889d047035c1d6a34bd682a8

    • SHA1

      d52aaf8ee8aa8426bf2a473a2f416dcf5df1273c

    • SHA256

      f61d16bd260cdb20a7509da7ed574616af335698694065db355ee1633d1b476a

    • SHA512

      d316c181d1d5180b4c707a77e70f73b8fa79cf2e686fa5fd0dc026eb6fba1b769ac7ed144fd1d38dd435246c29167931e6cdeb26cb644173773b80c1c3c0eefa

    • SSDEEP

      6144:Ue34EdRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm9:Jdq4OaQQTYJ8eP4/L5uO7D3f5BM

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
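
The behaviours flagged across these targets (a Browser Helper Object registration, enumeration of the Uninstall keys, a country-code lookup in the registry, and a DLL dropped into the NSIS $PLUGINSDIR) translate directly into a host triage check. The PowerShell script below is an added example written for this page; it is not part of the sandbox report or of the sample itself. It takes the file names and SHA256 values from the report above, and assumes the standard BHO, CLSID and Uninstall registry locations plus the NSIS convention that $PLUGINSDIR is extracted to a %TEMP%\ns*.tmp folder. The report does not say which registry value the sample reads for its country check, so the locale lines are printed for context only. Run it from an elevated prompt on the host under investigation.

```powershell
# Added triage script; it is not part of the sandbox report or the sample.
# File names and SHA256 values come from the report above; the registry
# locations are the standard BHO, CLSID and Uninstall keys. Run elevated.
$ReportHashes = @{
    '2d4a1eb0bda6c36c5a0cf4d9bf986515f49aaa61615fd423d7ac243c179d47ea' = 'VirusShare_9458f8116a74615264b4fe4f30691ac3 (installer)'
    '1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3' = '$PLUGINSDIR/aminsis.dll'
    '03a11dcca9e1872821facf031901d102abb66dfffdfee522faf429fab3069561' = 'ie/RichMediaViewV1release90.dll'
    'f61d16bd260cdb20a7509da7ed574616af335698694065db355ee1633d1b476a' = 'uninstall.exe'
}
$ReportNames = @('aminsis.dll', 'RichMediaViewV1release90.dll')

function Get-ReportMatch {
    # Returns the report label when the file's SHA256 is in the IOC table, else $null.
    param([string]$Path)
    if (-not $Path) { return $null }
    $Path = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($ReportHashes.ContainsKey($sha)) { return $ReportHashes[$sha] }
    return $null
}

function Get-BhoRegistrations {
    # Each BHO is a CLSID subkey here; IE loads the DLL named by that CLSID's InprocServer32.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root) {
            $clsid = $sub.PSChildName
            $dll = $null
            foreach ($classes in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID') {
                $srv = Join-Path $classes "$clsid\InprocServer32"
                if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)'; break }
            }
            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Match = Get-ReportMatch $dll }
        }
    }
}

function Get-UninstallEntries {
    # The sample reads these keys to fingerprint installed software; we read them
    # to find its own uninstall.exe by hash.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = $null
        # UninstallString is usually "<path>.exe" or <path>.exe <args>; keep the executable part.
        if ($_.UninstallString -match '^\s*"?([^"]+?\.exe)') { $exe = $Matches[1] }
        [pscustomobject]@{ Name = $_.DisplayName; Uninstall = $exe; Match = Get-ReportMatch $exe }
    }
}

function Get-NsisPluginLeftovers {
    # NSIS extracts $PLUGINSDIR to %TEMP%\ns*.tmp (assumed convention); a leftover
    # aminsis.dll or the BHO DLL there is a cheap indicator of this installer.
    Get-ChildItem -Path $env:TEMP -Directory -Filter 'ns*.tmp' -ErrorAction SilentlyContinue |
        Get-ChildItem -File -ErrorAction SilentlyContinue |
        Where-Object { $ReportNames -contains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Path = $_.FullName; Match = Get-ReportMatch $_.FullName } }
}

# Country settings a geofence check is likely to read. The report does not say
# which value the sample uses, so these are recorded for context only.
$intl = Get-ItemProperty 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
"Locale: $($intl.LocaleName)  sCountry: $($intl.sCountry)  iCountry: $($intl.iCountry)"

"== Browser Helper Objects =="
Get-BhoRegistrations | Format-Table -AutoSize
"== Uninstall entries with a hash hit =="
Get-UninstallEntries | Where-Object Match | Format-Table -AutoSize
"== NSIS plugin leftovers in %TEMP% =="
Get-NsisPluginLeftovers | Format-Table -AutoSize
```

The BHO listing is printed in full rather than filtered, because a renamed or rebuilt copy of the DLL will not hash-match the report; an unfamiliar CLSID whose InprocServer32 points into a user-writable directory deserves a look even without a hit. Hash matches are exact, so treat a miss as "not this build" rather than "clean".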