General

  • Target

    VirusShare_a1107692677a725717ca0eeb5aae10fe

  • Size

    634KB

  • Sample

    240204-thp59afger

  • MD5

    a1107692677a725717ca0eeb5aae10fe

  • SHA1

    4db85b1567172a66074784c9c06dd55537bb81e5

  • SHA256

    3a1c376a8707d74732421624fbfa9ffebf316cc8e34340eb6aeb4a69bb952844

  • SHA512

    72e47540fc73f63bec9b34c5592b21244a9721c799b101da50a21bf2ef3f4bf90a10d738dc046c308be221e151e9a4c2081a25c80c67448547b9f3f10beb2792

  • SSDEEP

    12288:0v218evyG4GjeZHkwuPikQ7lKH5p5H9x1reZHkwu/iJQ5lKL5p6CsQzuPY0:0XzG4GjeZEXi37l6Br1reZE3ie5lYyC2

Targets

    • Target

      VirusShare_a1107692677a725717ca0eeb5aae10fe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home572chaction.js

    • Size

      829B

    • MD5

      644008d681a4ec504ecccd801d027f76

    • SHA1

      7ca1375290a4653d0c4ed8ad67590e03fe2b3832

    • SHA256

      99b0e85934444c87558567f016384aefdcc7a3e306690dc3a55a0dda7481c04c

    • SHA512

      b2cdc9cab44adcad8634f7628e6f8f91d7416302aa872db759974de0ed4c1950aa2c6c8e7750b1b5ab6b972a0bc4b8ce876b0ec0230581bad56d88594b65f75e

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home572.js

    • Size

      744B

    • MD5

      9ca56067652fbef656e0819b9d32a635

    • SHA1

      bfbaa4df5f8a25f250a112f2b5ab9edbdaa04b22

    • SHA256

      c1421b59c41d0e9b9d037e69f427dd367eb31493404ef1f6ce1082f83b9014f3

    • SHA512

      85d7c90b165df562bdbe804065eddfe21bfa2b00dfefb96d52e63591ba67bd35b482cb9358f70eec0f24a2c37dfa262406ee31b029d01b07ed959ac3474196d9

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home572ffaction.js

    • Size

      674B

    • MD5

      a52835ed08bdd3550f1f1375e30bc91f

    • SHA1

      02ad03970db701140f8222ff6723947ab1203290

    • SHA256

      2680815eb3ffd2f04df9155720317fedcc32e827ef49c3f7a06684510586bea2

    • SHA512

      c2d9b044e09085119f47980c4ca6d2f7b824052e62835b232559b2d24eca6c10471c2f23af308fa060df9c964f9637e9e92081b8bc7d17eed6356c57c40943e5

    • Score

      1/10

    • Target

      ie/MediaWatchV1home572.dll

    • Size

      85KB

    • MD5

      9e389f375800280bbffdcabce48f361c

    • SHA1

      bb001116eee505d9479d66d7e5c92e0dde98af18

    • SHA256

      3d34911d2af6b41eba3e189e052dea5693549cd5dd999d86f4be97eea60013be

    • SHA512

      f2d27554c3c0183491b92af4627569f57728b490956810cdad8c7def9598db83d76eccf596ce703a9d493002f7378e75f51ce194b85ec4899d3622e8a328a0ec

    • SSDEEP

      1536:nn/1CsEmkaMAXtahrOb8Dktoq+HA9glQGfW29:/12mkaMA9ahrOo7guaGfV

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      3cce3d376bf04652a6f96bf479488b19

    • SHA1

      f4b2427d790710d9731aee6ca617a5c6fe1ede1b

    • SHA256

      a76e3b7ec9a29237933bb915454b31e28a2d80dcf923400f14f9fd04cf913c24

    • SHA512

      3f06acae4bc809cd72153405169b6932d6de2b61dd77a66759bcb180803b6fb37855480dfb2223282dd119da54ddc0f16d4361c6b60a9d51fcf0a8e5909e3f14

    • SSDEEP

      6144:Ee34j9peZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1Z:S7eZHkwuPikQ7lKH5p5H9x1Z

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

