General

  • Target

    VirusShare_ce8d30707359096b7c4b415bb2f859d3

  • Size

    634KB

  • Sample

    240204-zkep7acdcm

  • MD5

    ce8d30707359096b7c4b415bb2f859d3

  • SHA1

    31d9d4ac5ceaa18d19e93670aaa6722d67899233

  • SHA256

    f1f2038dabb3d3c4ec74d8bd99a0c09eaf5334bdaeb1da6a9312865c5cbf72c5

  • SHA512

    ab9e51ab52e694e8b7d2409c00dde41e22bc3c8b6b8fef076a95c3ac1bdf7d8243bfe9b95db2ef72290e9a9618737dbab251a232b045cf7edcf7a51049ce01b4

  • SSDEEP

    12288:ag8E7RG4GjeZHkwuPikQ7lKH5p5H9x1IeZHkwuzi/QHlKR5plCsQz3PYw:ag8ENG4GjeZEXi37l6Br1IeZEriYHlGk

Malware Config

Targets

    • Target

      VirusShare_ce8d30707359096b7c4b415bb2f859d3

    • Size

      634KB

    • MD5

      ce8d30707359096b7c4b415bb2f859d3

    • SHA1

      31d9d4ac5ceaa18d19e93670aaa6722d67899233

    • SHA256

      f1f2038dabb3d3c4ec74d8bd99a0c09eaf5334bdaeb1da6a9312865c5cbf72c5

    • SHA512

      ab9e51ab52e694e8b7d2409c00dde41e22bc3c8b6b8fef076a95c3ac1bdf7d8243bfe9b95db2ef72290e9a9618737dbab251a232b045cf7edcf7a51049ce01b4

    • SSDEEP

      12288:ag8E7RG4GjeZHkwuPikQ7lKH5p5H9x1IeZHkwuzi/QHlKR5plCsQz3PYw:ag8ENG4GjeZEXi37l6Br1IeZEriYHlGk

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home860chaction.js

    • Size

      829B

    • MD5

      52e05ff9e42008dbba76c4ae84f588ab

    • SHA1

      2a1cb1cb5a327d2b7968a3044359f3c0343d6637

    • SHA256

      6c61b14b77f00af2d10652827a430e4a9938392114773c7b819588264dab4343

    • SHA512

      f9e255ce43e86cb2c24ef7bcb4f59d273d73595ea20e5ee346a9c9d731df5f4d519de11547ec6970b1df97eaed8d432ae87c052c30635576080393cde8daf526

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home860.js

    • Size

      744B

    • MD5

      17afff6015a9aa3856cf91b016ffcd18

    • SHA1

      3c52b28fcc1d023ca2349415b5e6898c2f30789d

    • SHA256

      aca02c355045b1117de4bca8e50a3babe7306d24285abe93e9f733b04cf3168a

    • SHA512

      597aed4878336f5f5a0df381752fba526e93c12f8b78cae0709fd7f2e280fe5710b2ec2805821ddddd485961ab322f9757639a3fbbaeaef818e4e9b257b7ee3b

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home860ffaction.js

    • Size

      674B

    • MD5

      2e77de642c35a3f7a71d1355ed6f2689

    • SHA1

      0c249138d441122d51394859a525a9f068129606

    • SHA256

      2c4298c8b75886aacb9ff0ba9912a1de81d85402b96282175ca6b1d19668ee30

    • SHA512

      eff98718ce446a1bf39267267180de34d02e2a5ed21e1aa0eabe01db67ecda6aff1fdb5cc026130a5563dff06438ca6d4de7d65cfcdee4270ccad0fa86fd9020

    • Score

      1/10

    • Target

      ie/MediaWatchV1home860.dll

    • Size

      85KB

    • MD5

      8c34b7d11fb189f0fe32011ad0bd3137

    • SHA1

      4c6aa885abfd09823ba02e21a10dc1e09b30196b

    • SHA256

      577297699dc45ac55964ec5f78d236a835155fa83644151bed3c4fb33ad0b3b2

    • SHA512

      1b12a94f9feb53e95f6a2ba19a5f9cef6709e5ae723cad22f1b67565c14a5f09911d6a347f0ec3fba3264e934ffc4e263eed384abd32cca61e8537c2fd14492f

    • SSDEEP

      1536:6n/1CsEmkaMAvtahrOb8Dkt31HA9glQ5X8Mt:e12mkaMAlahrO31gua5XJ

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      0fdef949ecaaf2494db682da9eb9ac7f

    • SHA1

      733bd1f8a46f0f49c65308479d7f9b90b068f289

    • SHA256

      aff80be2245d1f9d746e8782b7f112514204ef6cf40a21fbaf7a1c69b3ee763b

    • SHA512

      ba7370a2619cd13d26e741662be236ffbdd157692513c16081742d716918e22922ea0dfc393b0ebb1a480173073a85af13e49fefc557bf7bce97ab3bfb31c1ad

    • SSDEEP

      6144:Ee34pXpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1L:c5eZHkwuPikQ7lKH5p5H9x1L

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks