General

  • Target

    VirusShare_4d6090def7468fc02c70c203a9894256

  • Size

    689KB

  • Sample

    240204-th8btsdfh5

  • MD5

    4d6090def7468fc02c70c203a9894256

  • SHA1

    d4a0e1e3bb2f750b94a5eae796f94a4044d078bf

  • SHA256

    3e1215be235134c2dd181f595cda96436fb66773415856845f21497d1eae0183

  • SHA512

    4dfe6e0562a528cab890626952828ce7f0d0f4ce1632c3d2ded350cb152c97c87f69adfb6b17b31d521456629e7dea1b48f274dbf89c053e686027fde1909b92

  • SSDEEP

    12288:zm0PviCsSTfdVG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDkjeKuV8vzp+N82LwV:zJ5H1VG4G37tUnvone83Z76bMHxotU8X
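
The hash block above is repeated below for every dropped file, and it is the part of the report that feeds blocklists and YARA rules, so it is worth extracting mechanically rather than by copy-paste. The parser below is an added example written for this page's layout, not code from the sandbox vendor: it turns the "• Label / value" bullets into artifact records, sanity-checks digest lengths, collapses the entries the report repeats for each drop location, and emits a YARA hash rule. SAMPLE is a constructed, compacted excerpt of this page.

```python
import re
from dataclasses import dataclass, field

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class Artifact:
    name: str
    size: str = ""
    hashes: dict = field(default_factory=dict)
    signatures: list = field(default_factory=list)  # (signature, description)
    score: str = ""


def parse_report(text):
    """'• Target' opens a new artifact; size/hash labels take the next non-empty
    line as value; any other bullet is a behaviour signature whose optional
    one-line description (on this page always ending in '.') follows it."""
    items = [ln.strip() for ln in text.splitlines() if ln.strip()]
    artifacts, cur, i = [], None, 0
    while i < len(items):
        ln = items[i]
        nxt = items[i + 1] if i + 1 < len(items) else ""
        if ln.startswith("•"):
            label = ln.lstrip("• ").strip()
            if label == "Target":
                cur = Artifact(name=nxt)
                artifacts.append(cur)
                i += 1
            elif cur is None:
                pass  # stray bullet before any Target line: ignore
            elif label == "Size":
                cur.size, i = nxt, i + 1
            elif label in HASH_FIELDS:
                cur.hashes[label], i = nxt, i + 1
            elif nxt.endswith("."):
                cur.signatures.append((label, nxt))
                i += 1
            else:
                cur.signatures.append((label, ""))
        elif ln == "Score" and cur is not None:
            cur.score, i = nxt, i + 1
        i += 1  # section headings such as 'General' / 'Targets' fall through here
    return artifacts


def unique_by_sha256(artifacts):
    """The report repeats an artifact wherever it is dropped; collapse by SHA256."""
    seen, out = set(), []
    for a in artifacts:
        key = a.hashes.get("SHA256", a.name)
        if key not in seen:
            seen.add(key)
            out.append(a)
    return out


def hash_problems(art):
    """Catch truncated or mis-copied digests before they go into a blocklist."""
    problems = []
    for name, length in HEX_LEN.items():
        v = art.hashes.get(name)
        if v is not None and not re.fullmatch(r"[0-9a-fA-F]{%d}" % length, v):
            problems.append(f"{name} malformed: {v}")
    ss = art.hashes.get("SSDEEP")
    if ss is not None and not re.fullmatch(r"\d+:[0-9A-Za-z+/]+:[0-9A-Za-z+/]+", ss):
        problems.append(f"SSDEEP malformed: {ss}")
    return problems


def yara_hash_rule(artifacts, rule_name="report_sha256"):
    """Emit a YARA rule matching any listed SHA256 through YARA's 'hash' module."""
    conds = [f'hash.sha256(0, filesize) == "{a.hashes["SHA256"].lower()}"'
             for a in unique_by_sha256(artifacts) if "SHA256" in a.hashes]
    return 'import "hash"\n\nrule %s {\n    condition:\n        %s\n}\n' % (
        rule_name, " or\n        ".join(conds))


# Constructed excerpt in the page's layout; the page's blank lines are dropped
# by the parser, so they are omitted here to keep the sample short.
SAMPLE = """
General
  • Target
    VirusShare_4d6090def7468fc02c70c203a9894256
  • Size
    689KB
  • SHA256
    3e1215be235134c2dd181f595cda96436fb66773415856845f21497d1eae0183
  • SSDEEP
    12288:zm0PviCsSTfdVG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDkjeKuV8vzp+N82LwV:zJ5H1VG4G37tUnvone83Z76bMHxotU8X
Targets
    • Target
      VirusShare_4d6090def7468fc02c70c203a9894256
    • SHA256
      3e1215be235134c2dd181f595cda96436fb66773415856845f21497d1eae0183
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Target
      ie/TrustMediaViewerV1alpha1078.dll
    • Size
      85KB
    • SHA256
      cb761a7ab59975bd000a3acf8ff9a7e03b6ef9e5f2e5595861546f9b4b124e9c
    Score
    6/10
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
"""

if __name__ == "__main__":
    arts = parse_report(SAMPLE)
    for a in unique_by_sha256(arts):
        print(a.name, a.score or "-", [s for s, _ in a.signatures], hash_problems(a))
    print(yara_hash_rule(arts))
```

Paste the whole page text in place of SAMPLE to get the full artifact list; the main sample appears twice (General and Targets) and System.dll/aminsis.dll twice (dropped by the installer and again by uninstall.exe), which is why the rule is built from the deduplicated list.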

Malware Config

Targets

    • Target

      VirusShare_4d6090def7468fc02c70c203a9894256

    • Size

      689KB

    • MD5

      4d6090def7468fc02c70c203a9894256

    • SHA1

      d4a0e1e3bb2f750b94a5eae796f94a4044d078bf

    • SHA256

      3e1215be235134c2dd181f595cda96436fb66773415856845f21497d1eae0183

    • SHA512

      4dfe6e0562a528cab890626952828ce7f0d0f4ce1632c3d2ded350cb152c97c87f69adfb6b17b31d521456629e7dea1b48f274dbf89c053e686027fde1909b92

    • SSDEEP

      12288:zm0PviCsSTfdVG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDkjeKuV8vzp+N82LwV:zJ5H1VG4G37tUnvone83Z76bMHxotU8X

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins, giving them access to the browser's pages and events.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
    • Target

      ffTrustMediaViewerV1alpha1078chaction.js

    • Size

      869B

    • MD5

      7fc4112bb53c2ec3d3b48aa560c1da8d

    • SHA1

      f1017810ce26399597dcd5a6f6aeb8ce777d1e91

    • SHA256

      613e5c486004086c216613c1c6f92cbb5be5bcd273f0ecaa7734ce5fa97d128d

    • SHA512

      4c34e0fff6bddfa7123b2d2385fb1a99daa3e448ece572913ecf2996f78a718c91c097070782c566c979ca8d7285903caa109fe87077ca6ed89be71a1f5093f1

    Score
    1/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha1078.js

    • Size

      768B

    • MD5

      fd012b731bf3582803303fe1fe09c9d4

    • SHA1

      7e5c4a07c1e1849a1b1947f4a4eb44ac0d2e59a8

    • SHA256

      708f4c9d89fd694294d40e1acf3254c7a3a59e158fd4746bb988b8c89563e7d2

    • SHA512

      6bede505598041754b53860ccdfc47c9f5731da9e4d6f28d5342387887b40b97b86aff53ad964aac3ab66ab417b370c143ca130a0dc4c25573187c0655698e7c

    Score
    1/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha1078ffaction.js

    • Size

      706B

    • MD5

      206764a5f6c8baf9109e5268bc3f2b38

    • SHA1

      ab00c7c729c07666f9b1e424568a3e086ee08d6f

    • SHA256

      4ad5877f831e1ba10306572a4ead6141b303b68063460635c515cf0a1c88b467

    • SHA512

      8ee1f3360a6f6a799b94ba006d87b05ec423ebe0946005b7755e29e4c312e956ef6d7a76544715e352332f1d4bce4d30e57902619c6b7de263fdc423700f33bd

    Score
    1/10
    • Target

      ie/TrustMediaViewerV1alpha1078.dll

    • Size

      85KB

    • MD5

      86ab6b0bdb83322fe8c7f939b3759020

    • SHA1

      0abc91598901c066dd9c4b9600835b5dd0cab7a3

    • SHA256

      cb761a7ab59975bd000a3acf8ff9a7e03b6ef9e5f2e5595861546f9b4b124e9c

    • SHA512

      af2b7f4c0d60ffb297369df246b4ee4abdb7e18ba62830dbe6d1147f4ea44e9026c9a1b82295c31e6a08f9f8a4c15d3a8661d860b9bd5b215b6b5f7dd598eb47

    • SSDEEP

      1536:spMGCsQis4EnvtKx+kNp8Dkzb518DOslQLnjZlx:pGais4EnlKx+kNzb5uDraLnjZ

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins, giving them access to the browser's pages and events.

    • Target

      ie/TrustMediaViewerV1alpha1078x64.dll

    • Size

      100KB

    • MD5

      8e9ecdcbffbf3e097717aff7ba2de75b

    • SHA1

      be9840892c0ab203c813ffa3fb3170c674c7598f

    • SHA256

      2071ca0bef94f66ed5851180fbdb18bd484aac2fccc3a10b56171e6911ddc388

    • SHA512

      3c72dc561279a0f6fd1e9e31c1cc2cc956b5fa011d7ea5dc343da2bd31b1e4892c217fc65062d31eb31d65094f387f55446579fe6079524f6705b5d01b619720

    • SSDEEP

      3072:mBjCnTZPzGSRzBHsQnTfGNAjNDSWfzQBTmvF9hZ:mNCnTZPzGAlHdTONAjUsvh

    • Registers COM server for autorun

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads as plugins, giving them access to the browser's pages and events.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      b741724d8cf813fe300f1f5b6db28312

    • SHA1

      fbcb0e644465090430f3945e27ff87812b754f19

    • SHA256

      852f08797d1ae83cb293b1ebb3e1a924348cefca7b8086210d302b4898e1ce3b

    • SHA512

      95aac3b01ac9de79653439e27e6eb1fe3776df7c535104bd9d68f90ca9b610fcb4927a6bfa02767d9ffcd0dae70a0702fc99f6236bd91ad7443f29c840243abc

    • SSDEEP

      6144:Ee34k+jKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtE1:B+jeKuVnvon+N83LwwiAn6KkM33nxDA

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
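
The "Installs/modifies Browser Helper Object" and "Registers COM server for autorun" signatures above are registry changes: Internet Explorer loads every CLSID listed under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and the CLSID's InprocServer32 default value names the DLL. To triage a host offline, export those keys with reg export and resolve each CLSID to its DLL. The script below is an added example, not part of this report or of any sandbox tooling: the .reg text is constructed, and the CLSID and the install path under Program Files are placeholders, not values observed in the sample. REPORT_SHA256 holds the two IE DLL hashes listed above so a resolved DLL that exists on disk can be matched against the report.

```python
import hashlib
import os
import re

BHO_SUBKEY = r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# SHA256 of ie/TrustMediaViewerV1alpha1078.dll and ie/TrustMediaViewerV1alpha1078x64.dll
REPORT_SHA256 = {
    "cb761a7ab59975bd000a3acf8ff9a7e03b6ef9e5f2e5595861546f9b4b124e9c",
    "2071ca0bef94f66ed5851180fbdb18bd484aac2fccc3a10b56171e6911ddc388",
}


def parse_reg(text):
    """Minimal parser for 'Windows Registry Editor Version 5.00' exports:
    {key path: {value name: value}}. Quoted strings are unescaped and dwords
    converted to int; hex(...) blobs stay raw and their continuation lines are
    skipped, which is enough for BHO triage."""
    keys, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            keys.setdefault(cur, {})
            continue
        if cur is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "(Default)" if name == "@" else name.strip('"')
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif value.startswith("dword:"):
            value = int(value[6:], 16)
        keys[cur][name] = value
    return keys


def resolve_inproc(keys, clsid):
    """DLL behind a CLSID, looked up in HKCR and the HKLM/HKCU Classes views."""
    lowered = {k.lower(): v for k, v in keys.items()}
    for hive in (r"HKEY_CLASSES_ROOT",
                 r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
                 r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node",
                 r"HKEY_CURRENT_USER\SOFTWARE\Classes"):
        path = (r"%s\CLSID\%s\InprocServer32" % (hive, clsid)).lower()
        if path in lowered:
            return lowered[path].get("(Default)")
    return None  # registered as a BHO but no in-process server: dangling or hidden


def find_bhos(keys):
    """Every CLSID registered as a Browser Helper Object (native or WOW6432Node view)."""
    found = []
    for path, values in keys.items():
        _, _, sub = path.partition("\\")
        sub = sub.upper().replace("WOW6432NODE\\", "")
        if not sub.startswith(BHO_SUBKEY + "\\"):
            continue
        m = CLSID_RE.fullmatch(sub[len(BHO_SUBKEY) + 1:])
        if not m:
            continue
        found.append({"clsid": m.group(0),
                      "dll": resolve_inproc(keys, m.group(0)),
                      "no_explorer": values.get("NoExplorer", 0)})
    return found


def check_against_report(bhos, known_sha256):
    """Hash each resolved DLL that exists on this machine and flag report matches."""
    for b in bhos:
        b["sha256"] = None
        if b["dll"] and os.path.isfile(b["dll"]):
            with open(b["dll"], "rb") as f:
                b["sha256"] = hashlib.sha256(f.read()).hexdigest()
        b["in_report"] = b["sha256"] in known_sha256
    return bhos


# Constructed export: the BHO list plus the matching Classes\CLSID key.
# The CLSID and the install path are placeholders, not values from the report.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
@="TrustMediaViewer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\TrustMediaViewer\\TrustMediaViewerV1alpha1078.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for bho in check_against_report(find_bhos(parse_reg(SAMPLE_REG)), REPORT_SHA256):
        print(bho)
```

A real `reg export` file is UTF-16LE with a BOM, so read it with open(path, encoding="utf-16") before passing it to parse_reg. Escalate a BHO whose CLSID resolves to no InprocServer32 (dll is None), whose DLL lives outside Program Files or the Windows directory, or whose DLL hashes to one of the report's values; NoExplorer=1 only means the BHO is kept out of Windows Explorer and still loads in Internet Explorer.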

MITRE ATT&CK Enterprise v15

Tasks