General

  • Target

    VirusShare_99decf9be5148371ddeec546133eeeff

  • Size

    634KB

  • Sample

    240204-tk599adge9

  • MD5

    99decf9be5148371ddeec546133eeeff

  • SHA1

    4d42630104729dba5c7c79e7fd7b01e1a846355a

  • SHA256

    b43f0674c30b36431d60816c5bb61c637c4c4e88db4c7b21f03d825f57bbe568

  • SHA512

    235ca49cc7ac1a0ee84a935139dc843988fa5f44416908414c48be50e1db3ffe871b6e8abbb43b82d36e3eae7e74827952d9cf78fb87dc009fd2b96ba92218ed

  • SSDEEP

    12288:zhsEopG4GjeZHkwuPikQ7lKH5p5H9x1jeZHkwu/iJQ5lKL5p6CsQzuPY6:zhsvG4GjeZEXi37l6Br1jeZE3ie5lYyh

Malware Config

Targets

    • Target

      VirusShare_99decf9be5148371ddeec546133eeeff

    • Size

      634KB

    • MD5

      99decf9be5148371ddeec546133eeeff

    • SHA1

      4d42630104729dba5c7c79e7fd7b01e1a846355a

    • SHA256

      b43f0674c30b36431d60816c5bb61c637c4c4e88db4c7b21f03d825f57bbe568

    • SHA512

      235ca49cc7ac1a0ee84a935139dc843988fa5f44416908414c48be50e1db3ffe871b6e8abbb43b82d36e3eae7e74827952d9cf78fb87dc009fd2b96ba92218ed

    • SSDEEP

      12288:zhsEopG4GjeZHkwuPikQ7lKH5p5H9x1jeZHkwu/iJQ5lKL5p6CsQzuPY6:zhsvG4GjeZEXi37l6Br1jeZE3ie5lYyh

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home911chaction.js

    • Size

      829B

    • MD5

      78618e61d33fddcbde39019135d09fcc

    • SHA1

      bdffbfee14a88667c43177900ef0e7f40b8a2484

    • SHA256

      adb9594dc429a22e5bfa889beb6cb3c90bc7e893b96760e2d1a57e5b6f2a128d

    • SHA512

      fbe098430bcd0b5a8847f298241df3aace9ba367f0a2eb34e264e531a1e4ceeac1a6f1fdf9d250edc40fa1b8f2f1601d3957b0a0d4f203bc69ad9b503cb005a4

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home911.js

    • Size

      744B

    • MD5

      ae3cfa04b5f807266606aeb4f05eea90

    • SHA1

      5124ef9de07feaa2ae9b2b8fdae990f7f7453f09

    • SHA256

      f67ffb5604caec50d34003029ef613e991339662e2fe342fd0de5b056eb30ba7

    • SHA512

      afec47a9fdfb976984875bb4b6782a7034eccc595534a9eb263b201e88df6f4d19d732afff4390a7abf7d44ccfc9f8d6aeb07a0b96cfeda586fb9e27672a40f1

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home911ffaction.js

    • Size

      674B

    • MD5

      d2fc78465bc687a2d4f2de311da6298d

    • SHA1

      1cbf045ede00a3cf4c5de50af1349971ccc6cb92

    • SHA256

      edd9ba486221537b9cc8873c7d452ff9774180477652b9f69f1e00aa20fe6abd

    • SHA512

      0c05684d31770666b6a279ce36a721d8f5cbee90a57a6c77a144864b82f28df4c525d4b02549e6e4e525cd5f345ecb7db06364cec1fcba27c1ebece1e2f10717

    • Score

      1/10

    • Target

      ie/MediaWatchV1home911.dll

    • Size

      85KB

    • MD5

      66875ca5c2d36d8f20d0701c1f286e43

    • SHA1

      5fa0219bfce6e248d8f09739ee8352a493854890

    • SHA256

      aa470b9e75a3092a7d7470ebbba5296b81a74f8210f60dd308dd15d47a885e1d

    • SHA512

      dc7ace0eb3e5172d3cb98c54623c55ad3b176d1e039c2295f3140d123d0d4ead4af02c96c7513828aaab4ffb53a79ff26f5bc42405cc32f4a3570a52af376750

    • SSDEEP

      1536:9n/1CsEmkaMAvtahrOb8DktVwHA9glQvB5Zl:V12mkaMAlahrOVwguavB/

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      086fa376a751dedc350605ff4b9fdb53

    • SHA1

      b29c0836429d1401717e17989ff21817940ab25c

    • SHA256

      6598ae507a17ce22ef431cbe2e1c289eb3e80eb6d439db965bd6d1bf10c9de74

    • SHA512

      974754261d36813aeeb1a8893ea106365ade44a5f8854dbea6bc38680b1ab55311d06dc1f5912a49a4c727c1dab5664450d3a79b6fe201aac07e590d8195617a

    • SSDEEP

      6144:Ee34kIOpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1t:hTeZHkwuPikQ7lKH5p5H9x1t

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks