General

  • Target

    VirusShare_f93b3234d9a56e10df9debf539143569

  • Size

    657KB

  • Sample

    240204-zkt5wacddl

  • MD5

    f93b3234d9a56e10df9debf539143569

  • SHA1

    23ce816a4195cad52193d0e415bf3c13b9e59c1a

  • SHA256

    7015c43615bdd27d81798a6808b5c08edfcaf8908cbb4f7f515dd8f69a6a3194

  • SHA512

    4194fa9892cfa8d430b6f22214d590bf24fd380a1c91b1505cbcb315bbff2e2930a0aec40efd1f780d9efcfbd720fdd7336e955b4da083816205ccc381b4f504

  • SSDEEP

    12288:n0GKTKX0G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bpq4Ga7QT2J8ePP/Z5uO7FApmz/u:n0xTk0G4GQm4OaHYJ8eP4D5uOHBBs4GB

Targets

    • Target

      VirusShare_f93b3234d9a56e10df9debf539143569

    • Size

      657KB

    • MD5

      f93b3234d9a56e10df9debf539143569

    • SHA1

      23ce816a4195cad52193d0e415bf3c13b9e59c1a

    • SHA256

      7015c43615bdd27d81798a6808b5c08edfcaf8908cbb4f7f515dd8f69a6a3194

    • SHA512

      4194fa9892cfa8d430b6f22214d590bf24fd380a1c91b1505cbcb315bbff2e2930a0aec40efd1f780d9efcfbd720fdd7336e955b4da083816205ccc381b4f504

    • SSDEEP

      12288:n0GKTKX0G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bpq4Ga7QT2J8ePP/Z5uO7FApmz/u:n0xTk0G4GQm4OaHYJ8eP4D5uOHBBs4GB

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release620chaction.js

    • Size

      859B

    • MD5

      7ff2910d04e8d01c005047107be27b1e

    • SHA1

      25d1dbf6459fe2814840389e6cc8e09323faba20

    • SHA256

      abcc290d9dca3984d2a9fcf8afe6f3b5098d7e9010b233b41f1530875ed73fb7

    • SHA512

      fc4eafaf7ea1b0dfd754ffb2c49f8defb25de16ed62aa7806bf7916615b4a00287d44b8b8ebb6e8bd7027b5b7f60accf5349f66d4ea37f1c3a531b1b95f4d48a

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release620.js

    • Size

      762B

    • MD5

      aa5fea756bd4dcc3361e5d9af07cf9bd

    • SHA1

      42fe922fd8aab094f9c01aef618d66281412f66a

    • SHA256

      a3486f3062f48ec9c47909cf1039ce8d700c94a70d875b0ad6fa3db127b19f2d

    • SHA512

      f28c7be38782435a4c32bd73704e0de6819f66ff82998644df64c03d72c4ea65dbafa4e5e8e9497a3c3547b9cfd2d67f315be33747c22bb14bbc4cf1af64e06f

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release620ffaction.js

    • Size

      698B

    • MD5

      03efb4108b7c44d24e9114e38aa44656

    • SHA1

      f4befc56942891e51c4638f03498edcae92370dc

    • SHA256

      0f63079cfd0d905d6e08c89af0fd8faca206549432acf2b85132787b22db95bc

    • SHA512

      a176279102784b85e4d63adaa6a198fc48948ab2e4bc86fccfec19639e7f96356f0afb56018e48194cfb71f6652a6f0a1a103559b03f533a28e56b200617f75a

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release620.dll

    • Size

      85KB

    • MD5

      f2721040b2c0a243f5a13c436f87dca3

    • SHA1

      f3862fde4c2efb848846b66586be740829309927

    • SHA256

      a8067d55af68503d66aea5ca50b0a3fd9b101d683ff16fe165d6bb08422ad319

    • SHA512

      b5bad57b3d4c99cff8ca7ef0320e30353cc185bd6e0b5b087b1283138f088e47ff73cac4190c4d794c5f1da3d464f41f8b4a0ffb97506fb1b5d995e733388461

    • SSDEEP

      1536:cU/NScAE87Ms/ZN60/lVk8jkLwKEnqLxPLlQ06FDZ:vNCE8wsj6YlVqEnWa06FV

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      762ee1c966a0f06c72d9b26a58f19495

    • SHA1

      c2441b5cf076447c21ea7f87b8a98e4234e55539

    • SHA256

      577c2786c26afcf56db9cda7f491be8d1887e932673fd6caa9d578c166e2efb3

    • SHA512

      d02cd36097e793ffbd4d26596d1ee70c4f093aaca1d0850433ee39876db964487c7cc91eed8e9ea6d025406f9792dc4f6ef5baf1f8b671d74b7498f28cec0f82

    • SSDEEP

      6144:Ue34o0Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmB:l0q4OaQQTYJ8eP4/L5uO7D3f5BI

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.


MITRE ATT&CK Enterprise v15
