General

  • Target

    VirusShare_fc52e02c324aedf4f822d8a344b64939

  • Size

    657KB

  • Sample

    240204-thfltafgdp

  • MD5

    fc52e02c324aedf4f822d8a344b64939

  • SHA1

    bfa762d8e59a66698ce60cc804d1400160191bfc

  • SHA256

    49b863244b374c2953ae6f42e9c3e33caddf46195d3a6eb5c8e1bba3ed87eaa0

  • SHA512

    30fc8e1774ec0b82920e95adf309e735c7cadb2a5116fb5b8ae0119d1760684232a6c54f9a86f75434345dfc141c1e97f8caf3a2606163f90f50d657bd94d161

  • SSDEEP

    12288:MHW28SG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B7q4IalQTSJ8ePt/t5uO7EU26qBJ:MHWXSG4GQm4OaHYJ8eP4D5uOHBBO4Iao

Malware Config

Targets

    • Target

      VirusShare_fc52e02c324aedf4f822d8a344b64939

    • Size

      657KB

    • MD5

      fc52e02c324aedf4f822d8a344b64939

    • SHA1

      bfa762d8e59a66698ce60cc804d1400160191bfc

    • SHA256

      49b863244b374c2953ae6f42e9c3e33caddf46195d3a6eb5c8e1bba3ed87eaa0

    • SHA512

      30fc8e1774ec0b82920e95adf309e735c7cadb2a5116fb5b8ae0119d1760684232a6c54f9a86f75434345dfc141c1e97f8caf3a2606163f90f50d657bd94d161

    • SSDEEP

      12288:MHW28SG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B7q4IalQTSJ8ePt/t5uO7EU26qBJ:MHWXSG4GQm4OaHYJ8eP4D5uOHBBO4Iao

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release3977chaction.js

    • Size

      864B

    • MD5

      941b2b508d861173449099dc367701cb

    • SHA1

      9ee089f3685c2be094171d2c5b75d49bfec14e3d

    • SHA256

      051d551216380a7575b7abfcb256691ae8bea866f31572dd3220948058ace843

    • SHA512

      ff7150d4b0bd6f29440d22ca7b4be8c3d748141e928cc73f4160057c87557e94d609609f735a5219fc473f56b71003d647101a46b9675411116ec2fdfdb891e4

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3977.js

    • Size

      765B

    • MD5

      7ab2c0396ad66645f5b77caf03f7b1ec

    • SHA1

      691581de93f7d65dd4616b938ec3873479974ff4

    • SHA256

      3ab2605bf0296ec12ae80cde230f24cd95a5c4cb2b8966905ce486215080a927

    • SHA512

      ce29b7c44d5c97ff0f29bf9385f2f6ef5ddbc1332fb1177aa98b81b27f7072aeb4b0b69e3b136943025dbfc21023d6b40185374a3c8a0da453531734b95b8987

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3977ffaction.js

    • Size

      702B

    • MD5

      e449a3b20697fb8b000a854129366b81

    • SHA1

      94b41f0cb311a3761030c90b2509b8f5be5d34a5

    • SHA256

      f1258b2b11ff65617ee6836792797dc904ad4be7289b4318c798465670a4a50c

    • SHA512

      aa2579f47cf196819f87158bf54c1816cdc39d3b2fada268b86eaf61a14cbf4d5a7edd16f0f9cc22da11753f5335a17824e12e4d6d31cc6fceb77bca8a3571c1

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release3977.dll

    • Size

      85KB

    • MD5

      33221541f1e08823b3e3b22991e29b45

    • SHA1

      2dcd11c817c18b5fbe9cd99f072309d9027c2045

    • SHA256

      e2fbe5b381afe1cb3c4582a5ddb9075b16c9037ce6cd703bbbb9156a64013ce3

    • SHA512

      a212a96f6c7482b2b0ba10ecb36ff22748afbcd7f7f5149bde87297ccf31afae5257a1754e9a563cb84b58c455b66f0e4530cd895032862921b5f029db1f9ed6

    • SSDEEP

      1536:ShMWCsgyMIwP/t6hp1ZcTkrC5ZCTfLlQ0ryaS:fWKyMIwP16hp1SZga0ryH

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      d8a2ec24696d0d0db8e1e53083aef818

    • SHA1

      35766638521c86860ee012e8a0bcfffb46ad2218

    • SHA256

      f0a4cb20902d92085f7244f83123628aca3699b67df7ff10106c1907d81767d8

    • SHA512

      72b00e01b1871e9efd4e8ab7d296d3d4d8532401434d4d7ae2df9326cf2bcba72d73e625ac70e03835e0749c5d1288859cb79ad752116aed38601d1f46c98c6b

    • SSDEEP

      6144:Ue34r4Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm1:q4q4OaQQTYJ8eP4/L5uO7D3f5Bk

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks