General

  • Target

    VirusShare_85c42cd8cef1756ad866c578331ee042

  • Size

    657KB

  • Sample

    240204-zl1ztaadf3

  • MD5

    85c42cd8cef1756ad866c578331ee042

  • SHA1

    3c5c8ba27479784788f1b1e4b93efc6744500315

  • SHA256

    d1d7ff6b28df9019a2001eca4869870b965d3195adf6e85c669f555df62c1d6f

  • SHA512

    0edd191c62288c66222cfb36f85634e1395a47e666674ef1f92546fb0d97361d4681681d49319df24aa1bc699f817841db3a413e3be3890563f2cd2559a02624

  • SSDEEP

    12288:CC9KEN0G4GQTq4OaQQTYJ8eP4/L5uO7D3f5BB9q4IapQTsJ8ePj/p5uO73U260BR:ChEN0G4GQm4OaHYJ8eP4D5uOHBBBg4Ia

Targets

    • Target

      VirusShare_85c42cd8cef1756ad866c578331ee042

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release3241chaction.js

    • Size

      864B

    • MD5

      9fa056672d4934a0206454eebcf29f29

    • SHA1

      e930499aa0f5d5f67a90ce223e6d848b5ec1e7ad

    • SHA256

      8e80a0ed3ca8475c2f06df582995bf0a8cce7ab7fc6688e15d387c058661ea8d

    • SHA512

      0bdeb69453e3f6724d151e5285e865c780a2bff6247fefcdc515c1cc05d6b56f758cfdd0392700d622f3fe97b28d8f35fb3ad60f1ceb9ca650c7fcc5213195dc

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3241.js

    • Size

      765B

    • MD5

      948133cdd2743d1c37db9d5ced22ee00

    • SHA1

      207b6ff8f5f3b47bd5d4be40d5b635227c1c3153

    • SHA256

      c94fb062035a64f762e834a1f4c13bcf2d2934d32adb566c37faecc3a8c9c675

    • SHA512

      718fa905e655543c4685d1773824316cf7c9da9f4fe1536d44bf445d3455693a08a4dece6635b3dbcfe40f8df6bd6119c0f09f41fa5e2c08ebe3a9e899da2f7f

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release3241ffaction.js

    • Size

      702B

    • MD5

      9b6d0fbc49369e3d7df9edf2dd116fb8

    • SHA1

      4120c6bb11fc45c77ee85b065b4cfcd6dbdc2a22

    • SHA256

      1b5e7c7a74df08dbf09ae5a92a6c0a9b622d5d897faf9da0fa65d52a4884c6a1

    • SHA512

      35e3bc9eeab9d9d6f548a15779e5c354bf348197652239b7bf597a43fc903c894cc67c5eafd19b177cd339fc1a9b7d621b59d6e24db51751bde5feef269d88fc

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release3241.dll

    • Size

      85KB

    • MD5

      20c17f11fee59c657f9582c442c737ef

    • SHA1

      dc678f883e3322481368793d0f8dfc2dbcad16c6

    • SHA256

      61a04fce7ea3d4da6808a703c12e82d05cbacf5ed679c799bf65f67f87e84105

    • SHA512

      fcd0fa62b8bdb924641bfc36c5a8b6d762acc30f77656d83a2117938cc7fe986afde6c38ac9db0801ab6a50eac7d4648145c9eb6190aecde4a26cd1d4d0b65c5

    • SSDEEP

      1536:uhMWCsgyMIwP/t6hp1ZcTkrCIoeCTfLlQAv8s5KS:rWKyMIwP16hp13pgaAvn3

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      b2142828a046840fccb7f1f52488e49a

    • SHA1

      2125d4233118f80450bc6f93ee44ac51c9330b3a

    • SHA256

      d2e2287977c4eba91181ca1d6c2ccadaf9e6b625da181a6f1d7ba9947f16eec8

    • SHA512

      1381e634a464493b162def42f8f3143ee32d493381232bd710981c50d7dd961c640e592676838ada5199825341599bf7fc2633a90c5ba279497d7569ec694fe8

    • SSDEEP

      6144:Ue34hB9Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmG:EB9q4OaQQTYJ8eP4/L5uO7D3f5B3

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
