General

  • Target

    VirusShare_e8b486e46f4b875b6429f3272aaa7df5

  • Size

    657KB

  • Sample

    240204-s8bj4sdde7

  • MD5

    e8b486e46f4b875b6429f3272aaa7df5

  • SHA1

    636dfdb576a78ffc59bea114168dd41bea37d308

  • SHA256

    d236f3f7914e5ed1ec440c0e7be9e900ed6b43f736d5d6216cc750dcc7280233

  • SHA512

    23958aac7da0fdbe025d94b296bfb73d42a417845feb20d6377c07bbfdc71caf7eb2bc6a11f584216c45a31b6bac862f2b48efc9028134dc7a2859e54a1acc50

  • SSDEEP

    12288:4Wgf+AocYQG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bxq4ca7QTgJ8ePN/P5uO7GLvHc:4WgGXRQG4GQm4OaHYJ8eP4D5uOHBBU4F

Targets

    • Target

      VirusShare_e8b486e46f4b875b6429f3272aaa7df5

    • Size

      657KB

    • MD5

      e8b486e46f4b875b6429f3272aaa7df5

    • SHA1

      636dfdb576a78ffc59bea114168dd41bea37d308

    • SHA256

      d236f3f7914e5ed1ec440c0e7be9e900ed6b43f736d5d6216cc750dcc7280233

    • SHA512

      23958aac7da0fdbe025d94b296bfb73d42a417845feb20d6377c07bbfdc71caf7eb2bc6a11f584216c45a31b6bac862f2b48efc9028134dc7a2859e54a1acc50

    • SSDEEP

      12288:4Wgf+AocYQG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bxq4ca7QTgJ8ePN/P5uO7GLvHc:4WgGXRQG4GQm4OaHYJ8eP4D5uOHBBU4F

    • Checks computer location settings

      Reads the country code configured in the registry (typically under HKCU\Control Panel\International), most likely to geofence execution so that the sample behaves differently, or not at all, in certain countries.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (the registry's list of installed programs) to fingerprint the software present on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and are loaded into every Internet Explorer process, which is why adware and browser hijackers use them to watch and alter browsing.

    • Drops file in System32 directory
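
The behaviours above (dropped DLL loaded, file written under System32, BHO registered) and the "Executes dropped EXE" reported for uninstall.exe further down are the ones that leave host telemetry, so they are the ones worth turning into detection logic. The correlator below is an added example, not the sandbox's signature code and not from the report: it walks constructed Sysmon-style events (IDs 1, 7, 11 and 13) for the sample's process tree, remembers every file the tree writes, and flags a later image load or process start of such a file, a write under System32/SysWOW64, and any value set under the Browser Helper Objects key. The PIDs, the install directory, the %TEMP%\ns....tmp directory (where NSIS unpacks $PLUGINSDIR at run time), the System32 file name and the CLSID are all invented for the example; the report does not name them. The registry-read checks (country code, Uninstall key) produce no Sysmon event at all, so they cannot be detected this way.

```python
"""Correlate Sysmon-style events for the behaviours flagged in this report.

Added example (not the sandbox's own signature logic). The events below are
constructed: PIDs, the install path, the ns*.tmp directory, the System32 file
name and the CLSID are invented. Sysmon event IDs used: 1 process create,
7 image load, 11 file create, 13 registry value set.
"""
import re

SAMPLE = r"C:\Users\victim\Downloads\VirusShare_e8b486e46f4b875b6429f3272aaa7df5.exe"
# NSIS unpacks $PLUGINSDIR into a fresh %TEMP%\ns<random>.tmp directory at run time.
PLUGINSDIR = r"C:\Users\victim\AppData\Local\Temp\nsa1B2.tmp"
INSTALL_DIR = r"C:\Program Files\RichMediaView"          # assumed install location
BHO_CLSID = "{00000000-0000-0000-0000-000000000000}"      # placeholder, not the real one
BHO_HIVE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "ParentProcessId": 1880, "Image": SAMPLE},
    {"EventID": 11, "ProcessId": 4120, "TargetFilename": PLUGINSDIR + r"\aminsis.dll"},
    {"EventID": 7, "ProcessId": 4120, "ImageLoaded": PLUGINSDIR + r"\aminsis.dll"},
    {"EventID": 7, "ProcessId": 4120, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 11, "ProcessId": 4120, "TargetFilename": r"C:\Windows\System32\example.dll"},
    {"EventID": 13, "ProcessId": 4120,
     "TargetObject": "\\".join([BHO_HIVE_KEY, BHO_CLSID, "NoExplorer"])},
    {"EventID": 11, "ProcessId": 4120, "TargetFilename": INSTALL_DIR + r"\uninstall.exe"},
    {"EventID": 1, "ProcessId": 4388, "ParentProcessId": 4120,
     "Image": INSTALL_DIR + r"\uninstall.exe"},
    # unrelated activity that must not fire
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 1880,
     "Image": r"C:\Windows\System32\notepad.exe"},
]

BHO_KEY = "\\explorer\\browser helper objects\\"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
NSIS_TMP = re.compile(r"\\temp\\ns[0-9a-z]+\.tmp\\", re.IGNORECASE)


def triage(events, root=SAMPLE):
    """Return (rule, detail) pairs for events attributable to `root`'s process tree.

    Files written by the tree are remembered so that a later image load or
    process start of the same path is recognised as use of a dropped file.
    """
    tree, dropped, alerts = set(), set(), []
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 1:
            image = ev["Image"]
            if image.lower() == root.lower() or ev.get("ParentProcessId") in tree:
                tree.add(pid)
            if image.lower() in dropped:
                alerts.append(("executes_dropped_exe", image))
            continue
        if pid not in tree:
            continue
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if path.lower().startswith(SYSTEM_DIRS):
                alerts.append(("drops_file_in_system32", path))
        elif eid == 7:
            path = ev["ImageLoaded"]
            if path.lower() in dropped or NSIS_TMP.search(path):
                alerts.append(("loads_dropped_dll", path))
        elif eid == 13 and BHO_KEY in ev["TargetObject"].lower():
            alerts.append(("installs_bho", ev["TargetObject"]))
    return alerts


if __name__ == "__main__":
    for rule, detail in triage(EVENTS):
        print(f"{rule:24s} {detail}")
```

Run stand-alone, the script prints one line per alert. Because the rules key on the process tree rather than on file names, the same logic applies to any NSIS-built dropper; the ns*.tmp pattern is the only NSIS-specific knowledge in it.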

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release162chaction.js

    • Size

      859B

    • MD5

      8ae0b4e9fe1f8774d3671b07e6c1a541

    • SHA1

      e79fa29d7c6221253fae4100d3178c533058f722

    • SHA256

      8928fdb319c08f7c7f62431d6b141f765de9686ffbc620378a4d7b080d3562ab

    • SHA512

      9eb425be610c107321a022951677a75d1075268558710d111d32b3fe22b4729de4ddab886f4da0faa40d0bb93f7a15b4785e80ebd03faf3e174d0e0202d2eee5

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release162.js

    • Size

      762B

    • MD5

      825e533da1bd60acce771bc4ca27c0c1

    • SHA1

      b34e41d82b743d7585d8ea05fe9ce35f784775aa

    • SHA256

      a46d847db5418af4cd873439883ff3864b4350c6ffb5e916915055dba19cd4cc

    • SHA512

      1dbd7dfb8be5062a33b69dd9300b83af779206de7c8547e4eea2dcc4199a85bcb27a40038003ce7d7c3126b9affd78650f18ba4895acdff8b5cfd10d680a546d

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release162ffaction.js

    • Size

      698B

    • MD5

      1703dfc85f0f3ff131f230ee6a0a2e57

    • SHA1

      4316a0be7122d586d9fd44fb4baaae2cc4bc21dd

    • SHA256

      507cb30b01ab2616063e2eaab4bbb896550b63721c066aac6b25d059279f888f

    • SHA512

      6aa61bbd885c59a031d4daa914073ead530bef86f638ce15dfedfaa1b9f5bbc244f2d145728c25606f98f425173f5c3e9ff48920f1ec0a25ff143f5bb19c20f5

    Score
    1/10
    • Target

      ie/RichMediaViewV1release162.dll

    • Size

      85KB

    • MD5

      cdbbf6a7dddbfe100195d8322fb10154

    • SHA1

      4eeee1ded970242e41dd6fe7e3ad421bf42d22bf

    • SHA256

      918ef2ef0d41ff7d75c8117b90ed408a8525f7df13e53a86cf43c8f2221d614b

    • SHA512

      2ceb21179787d4339fff47fefda3806799c686ad6c14b224224d51db0d1b1b2450707a735ea1a542ff9f3f68c99a9dca08390b49364b0e8fd27960bd2b1f5f2a

    • SSDEEP

      1536:Jkf9Csc+EE7Msd5N60GlVk8jkrwSRnqLhPLlQgliNBZ:a9++EEwsJ6FlVSRnmaglid

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and are loaded into every Internet Explorer process, which is why adware and browser hijackers use them to watch and alter browsing.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      4877d48ebfc5cb06aed893a6bffd7958

    • SHA1

      b052762d4367aed0f77b3857b4ebe0fd913e49f3

    • SHA256

      459e3498d129ca6c968e7594df7e9938eabc1fe51e878bf0a1fc3a4cd3dddfff

    • SHA512

      857832ca130c19e745966c5ecbc6c610c717c77f577c2a58a259b05ac2eb052f22ff4e141956ee63e4f01bc769539ab17dc5cfcd92dff2fd33d706e9bb26b36f

    • SSDEEP

      6144:Ue34XERg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmW:mEq4OaQQTYJ8eP4/L5uO7D3f5B3

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
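
The SSDEEP values above already hint at a relationship between the dropped files and the submitted sample: the second chunk of uninstall.exe (block size 6144) and the first chunk of the sample (block size 12288) share the run 4OaQQTYJ8eP4/L5uO7D3f5B, which is what adjacent block sizes and a common executable stub produce (both files look NSIS-built, given $PLUGINSDIR, so a shared stub is the likely explanation, not a fact the report states). The script below is an added example, not code from the report or from the ssdeep project: it re-implements the published ssdeep comparison (block-size pairing, 7-character common-substring gate, edit distance with insert/delete cost 1 and substitution cost 2, length scaling) and runs it over the four digests on this page so each step is visible. ie/RichMediaViewV1release162.dll (block size 1536) cannot be compared with the others at all, and aminsis.dll shares no 7-character run with the sample, so both score 0, while uninstall.exe lands in the fifties.

```python
"""Score the SSDEEP digests in this report against the submitted sample.

Added example, not the ssdeep project's code: a readable re-implementation of
the spamsum/ssdeep comparison. For real work use the `ssdeep` or `ppdeep`
packages; this version exists so the pairing and scoring steps are visible.
"""

SPAMSUM_LENGTH = 64      # maximum chunk length
ROLLING_WINDOW = 7       # a common substring this long is required before scoring
MIN_BLOCKSIZE = 3

# SSDEEP strings copied from the entries above, keyed by the report's target names.
DIGESTS = {
    "VirusShare_e8b486e46f4b875b6429f3272aaa7df5":
        "12288:4Wgf+AocYQG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bxq4ca7QTgJ8ePN/P5uO7GLvHc:4WgGXRQG4GQm4OaHYJ8eP4D5uOHBBU4F",
    "$PLUGINSDIR/aminsis.dll":
        "12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU",
    "ie/RichMediaViewV1release162.dll":
        "1536:Jkf9Csc+EE7Msd5N60GlVk8jkrwSRnqLhPLlQgliNBZ:a9++EEwsJ6FlVSRnmaglid",
    "uninstall.exe":
        "6144:Ue34XERg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmW:mEq4OaQQTYJ8eP4/L5uO7D3f5B3",
}

def parse(digest):
    """Split 'blocksize:chunk1:chunk2' into (int, str, str)."""
    bs, c1, c2 = digest.split(":", 2)
    return int(bs), c1, c2

def eliminate_sequences(s):
    """ssdeep collapses runs of more than three identical characters to three."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)

def has_common_substring(a, b, n=ROLLING_WINDOW):
    """Gate: with no shared run of n characters the chunks are treated as unrelated."""
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))

def edit_distance(a, b):
    """Levenshtein distance with insert/delete cost 1 and substitution cost 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]

def score_chunks(a, b, block_size):
    """Score two chunks that represent the same block size, 0..100."""
    if not has_common_substring(a, b):
        return 0
    score = (edit_distance(a, b) * SPAMSUM_LENGTH) // (len(a) + len(b))
    score = (100 * score) // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # small block sizes cannot justify a high score; ssdeep caps them
    if block_size < (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE:
        score = min(score, (block_size // MIN_BLOCKSIZE) * min(len(a), len(b)))
    return score

def compare(d1, d2):
    """ssdeep-style similarity of two digests (0..100)."""
    b1, a1, a2 = parse(d1)
    b2, c1, c2 = parse(d2)
    if b1 != b2 and b1 != 2 * b2 and b2 != 2 * b1:
        return 0                       # block sizes too far apart to compare
    a1, a2, c1, c2 = map(eliminate_sequences, (a1, a2, c1, c2))
    if b1 == b2:
        if a1 == c1 and a2 == c2:
            return 100
        return max(score_chunks(a1, c1, b1), score_chunks(a2, c2, 2 * b1))
    if b1 == 2 * b2:
        return score_chunks(a1, c2, b1)  # d1's first chunk vs d2's second chunk
    return score_chunks(a2, c1, b2)      # d1's second chunk vs d2's first chunk

def similar_to_sample(sample="VirusShare_e8b486e46f4b875b6429f3272aaa7df5"):
    """Score every other digest on the page against the submitted sample."""
    return {name: compare(DIGESTS[sample], d)
            for name, d in DIGESTS.items() if name != sample}

if __name__ == "__main__":
    for name, score in similar_to_sample().items():
        print(f"{score:3d}  {name}")
```

Two caveats when reading the output: a score of 0 between the ie DLL and anything else says nothing about relatedness, only that ssdeep cannot compare block sizes that differ by more than a factor of two, and a middling score between the sample and uninstall.exe is consistent with two different installers built from the same stub, so it should be read as "same toolkit", not "same payload".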
