General

  • Target

    VirusShare_f36ac7fe92af1b022706d3f38a491f80

  • Size

    657KB

  • Sample

    240204-s8t2fsfebl

  • MD5

    f36ac7fe92af1b022706d3f38a491f80

  • SHA1

    1f5a6ebace953091df4d1ffaa92b33fa73019eec

  • SHA256

    2a194c3d5a62b2ef02d04ddfe3b986bff84cd721645804b9e6a9fa16fd44ff1e

  • SHA512

    11bec16b7d6e1454d36fb3244f799464f359f6c60adca97fcb63894b21b8b81b50be0de213e2be624483ae1c2681f882fa8455cf29166cd9d431b26fcd3919b0

  • SSDEEP

    12288:4iXGHLKG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bsq4IalQTSJ8ePt/t5uO7EU26qBa:4iXGHLKG4GQm4OaHYJ8eP4D5uOHBBB4v

Targets

    • Target

      VirusShare_f36ac7fe92af1b022706d3f38a491f80

    • Size

      657KB

    • MD5

      f36ac7fe92af1b022706d3f38a491f80

    • SHA1

      1f5a6ebace953091df4d1ffaa92b33fa73019eec

    • SHA256

      2a194c3d5a62b2ef02d04ddfe3b986bff84cd721645804b9e6a9fa16fd44ff1e

    • SHA512

      11bec16b7d6e1454d36fb3244f799464f359f6c60adca97fcb63894b21b8b81b50be0de213e2be624483ae1c2681f882fa8455cf29166cd9d431b26fcd3919b0

    • SSDEEP

      12288:4iXGHLKG4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bsq4IalQTSJ8ePt/t5uO7EU26qBa:4iXGHLKG4GQm4OaHYJ8eP4D5uOHBBB4v

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release4992chaction.js

    • Size

      864B

    • MD5

      466fedb0ab0946e7f8e28118da8ecbd4

    • SHA1

      dcba12abdb2757bb6951349d531484bc4f4e39c1

    • SHA256

      623bf21e9ca9e6a603814e73376aef1ca6098b2406a9121919b0b353b33aa583

    • SHA512

      efe200c4306578cf1742ea38098370b8156ba5321b4605ba6578f87513c7521a527aab9732be3b089ad479261e9ef6b32eae465c7fefd97e32485a65ea2b7d5e

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release4992.js

    • Size

      765B

    • MD5

      3e8d808d3512a901fd790d5a7f431ace

    • SHA1

      5e91ccac191253a5da0dc8654885afde0471305c

    • SHA256

      867675913ab53b24aeb057b2fc2bf94aec2d90abfbf2d79c62b8aed8f214a207

    • SHA512

      bf75fbecf69c7a34530df474e21900d4c652b962595fd5a91c273d320ce8a5b1aa104a8d6a39a425ad15ea713794820ad5b2089306170f93a1a1a852fdc809cd

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release4992ffaction.js

    • Size

      702B

    • MD5

      048c29de96d4ef21da22da5f02e83ada

    • SHA1

      9bd8e44e1689378bec9a84ce8bdd3af05e511328

    • SHA256

      a86f876ed2b5707a52af0404b08313c630bfd0f7f7eeea17188d1115bf0c91be

    • SHA512

      8436f95ee46b4b556b32721dbfdcb74d7506cf8cabc280b75e4e3bd2d1a5ea27d8a36755455ef02b692cdafef37f2a98edaf5503f8706fd8b8571d39ebac93e2

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release4992.dll

    • Size

      85KB

    • MD5

      f88e12d8d5aff750bcd6e73d880bd098

    • SHA1

      ea9fbe1abd46747b18a0b279c90a09131a5c7a43

    • SHA256

      303b8bb5c34ae7bc977177b734f6f845650d4cada97caaa9a02c2694e4e76d89

    • SHA512

      8bf3f2f6c5765a14d81d756d7317ba3311dcab3ac56af9d08027bf90fd783ed4cb77f229e7fd768f0528f49b80503dd72b3491e9c17686b45c8b617aa0243e84

    • SSDEEP

      1536:ZhMWCsgyMIwP/t6hp1ZcTkrCBQCTfLlQkfsqS:wWKyMIwP16hp1aQgakfsX

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plug-ins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      6c635d94af00c62be7c2337859f2b84b

    • SHA1

      3525ad160fc22e59384f05ad6fc94db445713d53

    • SHA256

      cf91ed95e53662f7208db45053ffbf9ac2e38e709518fb526f205a45ff47ab63

    • SHA512

      e252f886fc73a9950a4072b27d1646a4e0f4a3fbb4ca9d9a93506ce67e38447afb1a2936b33cc5192859f32ac2633ee0f275a899100a66a291c39244179b19db

    • SSDEEP

      6144:Ue34XHRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm7:OHq4OaQQTYJ8eP4/L5uO7D3f5By

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10
