General

  • Target: VirusShare_a93bdebbbe27422cf04a5eea807a6621
  • Size: 634KB
  • Sample: 240204-tmha7sfhhj
  • MD5: a93bdebbbe27422cf04a5eea807a6621
  • SHA1: b22f52528c140d24b7b8fb73155fc42043f0dcd6
  • SHA256: 38357f3ae86bde628459f73d4aeb243f6d07a0c358217def08513c2e006dbeb0
  • SHA512: eb7228beab3fa1415b6b17b9d2d40b04f03f91c8ac722a6d67034cd463fb91da067f551a58b578bd7a004f8c2c9dbf331e01028f47294ce75c24e74b17c2d79b
  • SSDEEP: 12288:sVeJIfG4GjeZHkwuPikQ7lKH5p5H9x1FeZHkwulizQ1lK55pGxlXTd8zbB:sVicG4GjeZEXi37l6Br1FeZEdic1lmOG

Malware Config

Targets

    • Target: VirusShare_a93bdebbbe27422cf04a5eea807a6621
    • Size: 634KB
    • MD5: a93bdebbbe27422cf04a5eea807a6621
    • SHA1: b22f52528c140d24b7b8fb73155fc42043f0dcd6
    • SHA256: 38357f3ae86bde628459f73d4aeb243f6d07a0c358217def08513c2e006dbeb0
    • SHA512: eb7228beab3fa1415b6b17b9d2d40b04f03f91c8ac722a6d67034cd463fb91da067f551a58b578bd7a004f8c2c9dbf331e01028f47294ce75c24e74b17c2d79b
    • SSDEEP: 12288:sVeJIfG4GjeZHkwuPikQ7lKH5p5H9x1FeZHkwulizQ1lK55pGxlXTd8zbB:sVicG4GjeZEXi37l6Br1FeZEdic1lmOG

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
    Score: 3/10
    • Target: ffMediaWatchV1home1095chaction.js
    • Size: 834B
    • MD5: 8b5e34a30d065f475a4d4bc9390bf610
    • SHA1: 0897d10da5eb01a44f30a07238dac9c40423ed2b
    • SHA256: 7ef5cc8b0df7dcbd1cb3e5e9572ce4f6ff6c835ec2c141004099beff05f11edc
    • SHA512: 297cfdcfd43fdb36bdf7c843e9ffe07339077956e2a2101a9e4bee47701ed2231c7d30db50ff6b9c8a72021325facb93959457c7389fa6169665423a24bbadbb
    Score: 1/10
    • Target: ff/chrome/content/ffMediaWatchV1home1095.js
    • Size: 747B
    • MD5: 7625af66576122c23188513fce1243e2
    • SHA1: 60f81e421c038730e08ff09732a41f89fb7fff72
    • SHA256: 8dcc48f0e25841d69a1e7b4edf598805c2322c0e8b077c41fb94c8e044cb1bc5
    • SHA512: aed43f8c11bc518b9626bb492093366134d2236613443d01033f935931f57b2ffce49d4fa8190121428e391f7063b878a87de7647ea89707d6b4e62576396355
    Score: 1/10
    • Target: ff/chrome/content/ffMediaWatchV1home1095ffaction.js
    • Size: 678B
    • MD5: 997808617a3c23bf64e6fb16634e6612
    • SHA1: 773dad93315cda8871461246913d21ceb03c3e9e
    • SHA256: f6b98d8780ea12ff7da5f3457361950073050e2b8b5b132f94412b54c552a455
    • SHA512: ea8abc45e3ea09e420049cfc43085af90a179d87ad0e5c05c9bb6742bdb258c945eaae7e6c24abcfede80cb0914adb282d4f8a4415f0ff39733e8a0159c9216b
    Score: 1/10
    • Target: ie/MediaWatchV1home1095.dll
    • Size: 85KB
    • MD5: 367e3723cbbda9dbeef0226b0557a607
    • SHA1: 54397704318f943c19e165a6d11597f122d8d469
    • SHA256: fec65625a8ea92d5b9165d3585d3a735ebeb1dcc158f7f7676403c5daf7e772e
    • SHA512: a2105b03408dd65085bcb876e52bcf15b2704830a905cc182235dece3e70e1cbf1c551a3ed1cecc327095e71cbd351e2543423fecafe553b57436019d20a219e
    • SSDEEP: 1536:mMflScQkG04RvxtakrOb8DkxqbHgNglQBgU:RlikG0EbakrOabA+aBgU
    Score: 6/10
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 285KB
    • MD5: dc572d25477642cc27bc02bafc0cfde0
    • SHA1: b486600ebbab08e5552505d579a22c322030aaf5
    • SHA256: 943a38cc998f2ebbc37ed351abd401a91398bc75b585b6f6bbe331c22ed643f5
    • SHA512: 982525fc930829022cff5b96b2206c7cb07c1b87d2e3704f6cfcd9edfdeaf22770b10999f8c938b1ebcc54ded51dece42e15b7902f8d988b6c912bd23d1122cb
    • SSDEEP: 6144:Ee34rcpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x11:aAeZHkwuPikQ7lKH5p5H9x11
    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks