General

  • Target: VirusShare_01a9d166e6f35c7fb1c59c5c6477f4c7
  • Size: 634KB
  • Sample: 240204-zjx55sach8
  • MD5: 01a9d166e6f35c7fb1c59c5c6477f4c7
  • SHA1: 9a38a8a81af5d137607d20bb1e3239317ec56a34
  • SHA256: 77d0aa333f99bf93058b2c9bc5ee313acca611932f3cc31ef136799f4c0b31d0
  • SHA512: 2236d477b5925fca23712d278c7aafa40634218a5f07b7f3c1b33a3e45be2039087ad49b261bf25820aee7e226de16f4dcca0d5182b72bf8b8f0200f62e52aeb
  • SSDEEP: 12288:eilrZXXG4GjeZHkwuPikQ7lKH5p5H9x1PeZHkwuDivQhlKL5p/xlolfZ:ei1ZXG4GjeZEXi37l6Br1PeZE7iohlko

Targets

    • Target: VirusShare_01a9d166e6f35c7fb1c59c5c6477f4c7
    • Size: 634KB
    • MD5: 01a9d166e6f35c7fb1c59c5c6477f4c7
    • SHA1: 9a38a8a81af5d137607d20bb1e3239317ec56a34
    • SHA256: 77d0aa333f99bf93058b2c9bc5ee313acca611932f3cc31ef136799f4c0b31d0
    • SHA512: 2236d477b5925fca23712d278c7aafa40634218a5f07b7f3c1b33a3e45be2039087ad49b261bf25820aee7e226de16f4dcca0d5182b72bf8b8f0200f62e52aeb
    • SSDEEP: 12288:eilrZXXG4GjeZHkwuPikQ7lKH5p5H9x1PeZHkwuDivQhlKL5p/xlolfZ:ei1ZXG4GjeZEXi37l6Br1PeZE7iohlko

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10

    • Target: ffMediaWatchV1home398chaction.js
    • Size: 829B
    • MD5: 0a3a3bdefa34f0a6e3ff83fe3cfcd1c9
    • SHA1: 4a00bcfb3a077886f4de9e590746025b49a4300b
    • SHA256: afa5110bdfd97306fa6d36247e381e621e0c0ca6f2d5a8be391a8781a0868664
    • SHA512: f6515bec3384e3551dc1911bebc568a84863420a43934dc0a2704f8cfd6285f215509eddaa54902daeecd210a73e2c8060bb2644a4a3f2e8d94b3d5112add24e

    Score: 1/10

    • Target: ff/chrome/content/ffMediaWatchV1home398.js
    • Size: 744B
    • MD5: c2e966f25b9ef2475be767625ae560be
    • SHA1: 27b30ccbf80a4ba4cccd62898b1f263b812ca689
    • SHA256: 1cff6a9c4678ce53421399834d7bc06a8f7e9e37e94bc3b3d7d84619a67866e0
    • SHA512: 5027e59ffe85919eeb24cf56ce847dafa60018ecc5f0fb87476999867f8fb72c2d0e5990ff79005c993fdc2c1677e382e08c9c28b68576d1acc4ac84ab9407e6

    Score: 1/10

    • Target: ff/chrome/content/ffMediaWatchV1home398ffaction.js
    • Size: 674B
    • MD5: 56e7a8cba56555527cf0e642b1be42b6
    • SHA1: d323ffc4df4224bd753f30f5b37ed1379793e27b
    • SHA256: 7183f83cc1eaa0e87e41e21703a3bd8c2b0864bd4d0d6e50afc244d70574fa30
    • SHA512: 8c986209b281ac829eab36dd96f86b535b794ee570f8fe406d0a4392410b85c6024bd0244e042e2d13997ac27243e6c35f6b4df49dac5054e81b08a150316bfc

    Score: 1/10

    • Target: ie/MediaWatchV1home398.dll
    • Size: 85KB
    • MD5: f5fb453932da9b7b127a98abb904bf3a
    • SHA1: f9740194c895857e9315a84dcef8f196b07ad7b2
    • SHA256: 897eeb08dc4dc79f3f03137655e7f54802eb4a84cb7cfed61a759d9ddd7a9f29
    • SHA512: 40e07d14d858adf0c57cec090545bb19c7fbf197a030f02fd6917c5c4af992ee1871a2526e5130a5cc5d4e5de42630ee5250b414767dc9ddfcbe14ed9cea73bf
    • SSDEEP: 1536:Gn/1CsEmkaMAvtahrOb8Dkt0qHA9glQiPKwt:i12mkaMAlahrO0qguaiPr

    Score: 6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 285KB
    • MD5: f2de538fbb34641aab5792fb0c53c2c3
    • SHA1: 71ed4271c3ddbdc57ef454f8548e7d7ef90f4d8f
    • SHA256: e44320d1bd6209df3feca68c8261bf592941b51ca3adfdda9a68abeb9bfe116f
    • SHA512: cd2d960e8e9fdb76ab4a3a6745ae8a08387b7adff658adeaffa558a167b970aa62af0896bc63622464813e12b25583167da173b0fc37764ab874aa481193ccb0
    • SSDEEP: 6144:Ee34dVpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1n:IjeZHkwuPikQ7lKH5p5H9x1n

    Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10
