General

  • Target

    VirusShare_2979570d9b6f2a7f85bef096e7fbd855

  • Size

    689KB

  • Sample

    240204-tm7wvsgabj

  • MD5

    2979570d9b6f2a7f85bef096e7fbd855

  • SHA1

    dcbc8b3248fcedeb7acedd54eab131cbfb00c7b9

  • SHA256

    b0df4fe2b1194649fddd69937576acd03d26d8490d0aa2683fda1abfff63f4c9

  • SHA512

    0df7f8a2e3205730980cfb988e06b2bfca21b5904f349e54aa83061b779a84952bc8dc0ba1efc366457efa1e10c99ba8a73d91cad53533feee8fecdcf2e9b8cb

  • SSDEEP

    12288:MEiISTgJG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDdjeKuVOvjr+N8GLwwi5n6Z:MTEJG4G37tUnvone83Z76bMHxxtUOvjG

Targets

    • Target

      VirusShare_2979570d9b6f2a7f85bef096e7fbd855

    • Size

      689KB

    • MD5

      2979570d9b6f2a7f85bef096e7fbd855

    • SHA1

      dcbc8b3248fcedeb7acedd54eab131cbfb00c7b9

    • SHA256

      b0df4fe2b1194649fddd69937576acd03d26d8490d0aa2683fda1abfff63f4c9

    • SHA512

      0df7f8a2e3205730980cfb988e06b2bfca21b5904f349e54aa83061b779a84952bc8dc0ba1efc366457efa1e10c99ba8a73d91cad53533feee8fecdcf2e9b8cb

    • SSDEEP

      12288:MEiISTgJG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDdjeKuVOvjr+N8GLwwi5n6Z:MTEJG4G37tUnvone83Z76bMHxxtUOvjG

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    • Score

      3/10

    • Target

      ffTrustMediaViewerV1alpha6001chaction.js

    • Size

      869B

    • MD5

      4d041936247e70ecd90a69abb6161b28

    • SHA1

      3d45d18540eb066c48cea816c9f5ee73a6f0f7ae

    • SHA256

      a40276863e1c61da271ea051b53448cea1860c4ce581e39223cb8844c68f5220

    • SHA512

      a1344e009a503dde0eab30839c6fc1dc6913146bf029d7bd5aaafd1444435e54376df3b791016b187853f2c96cad944f00b993430544b08f2b4876f1f164a25b

    • Score

      1/10

    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6001.js

    • Size

      768B

    • MD5

      bd44ec15a1f317ee42900dab980104b0

    • SHA1

      6548b6bf2adfed3eeb95c6260e43f8887b2230b2

    • SHA256

      b01f14317b8c38a90ce2e8f15ebed7d37e657df6f07f7d2d404ac2d7545c8f74

    • SHA512

      88b8a4c3d73880a447f72e3f72e118203a50437a49e4a6694d32ab4f624984298d654e1d5cbe6112de529db52c5bea58a50dd337a45c796c78ddee22db615fb0

    • Score

      1/10

    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6001ffaction.js

    • Size

      706B

    • MD5

      58f7a712882945ad81fdf33cd56341b8

    • SHA1

      cb2067c71359841c46a4bf4b10f22825d3aa6eaf

    • SHA256

      cd66df51e7b7fce4d8d3cb0bb4b453f5400fd53612c00d2ecb91d9998df3fb37

    • SHA512

      b0c640f6af07e5adb7bfd4e2ac2ce7c7e3fb5d4963c4db3685652de02ade0a5533e8b94310c12e3daad588f155e92f89662b989d06f23c42f01ac652e6a341af

    • Score

      1/10

    • Target

      ie/TrustMediaViewerV1alpha6001.dll

    • Size

      85KB

    • MD5

      3c00fa085e25db9be961ec812a61cf13

    • SHA1

      5229e89f266dff9f042c4ae8519f64aa69b7a522

    • SHA256

      f32b01931bf04c168bbebd1621856c5dc8632c8edf6d70d6d4b2302f1f3dad55

    • SHA512

      44fb77026cfec61fd7ee068caee250fa44d14f69f094a84f2a58ff61c0c1bce85352413a016ec054c9bcec016ecca58a36574df5dea71ea01e602764d8f0d58c

    • SSDEEP

      1536:BpMGCsQis4EnvtKx+kNp8Dkbw518DOslQPNEjW1x:AGais4EnlKx+kNbw5uDraPNEjW

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ie/TrustMediaViewerV1alpha6001x64.dll

    • Size

      100KB

    • MD5

      db6233fdf6836c55cc73861084cf055e

    • SHA1

      916bc414e3d8df951133da589c0d63e18cfff7d9

    • SHA256

      0b2627b2514690256610cf2776baf6d64dd4c1714c5024d4c6655056faec5c05

    • SHA512

      8aebd7f514de579aa41e8597a13a9e1ebb143a46fa12f404fc8ce6fef34709c91e55f27cd75de58236366bb00b5e240bfaea8f0c79ed6ef886413872bc3d4243

    • SSDEEP

      3072:ZBjCnTZPjGSRzBHsQnTfGNAjJUSWfzQBTWNF9jZW:ZNCnTZPjGAlHdTONAjf+vd

    • Registers COM server for autorun

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      6df760c9b29507b4ac9edff39ad8ef30

    • SHA1

      020b3a0d47a1437da6f67f04e6faab3a3f4b8687

    • SHA256

      2409f694d34aa4f8617ea40e784ebd27b76f02d2ebda5a6f4f38ba2c44785988

    • SHA512

      5a00acf2bc68a5055e34bfbfc3cfe052e47b7be6bde8f0f418db8a74e46929a7772313738cb44284996e5affcbd713ad45a6051454c949190ffd696521ebd6ba

    • SSDEEP

      6144:Ee34b/jKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEC:q/jeKuVnvon+N83LwwiAn6KkM33nxDP

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    • Score

      3/10