General

  • Target

    VirusShare_3f9616ae55b6c26e14de3dd149a0441f

  • Size

    657KB

  • Sample

    240204-zlm3yscdfj

  • MD5

    3f9616ae55b6c26e14de3dd149a0441f

  • SHA1

    ae6fc44816212f172e633510c513c245ddf7e5ee

  • SHA256

    873b6c7f71d3bdbac6f1670b45767f233f2745196a542a6200816ef6a1fadff5

  • SHA512

    557b74f7e4a060a7c50b0bbe4dd0b27b6b4d547c0e5f66dd9a7c382a9730f5f5d5ac8bc22883c1c047f1e499c9c120f57040c42e0af7ebb20dd472f6a6f929d0

  • SSDEEP

    12288:bTXQMBXG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B1q4ya/QTcJ8ePx/b5uO7ALvHXAy:b0MBXG4GQm4OaHYJ8eP4D5uOHBB44yaO

Targets

    • Target

      VirusShare_3f9616ae55b6c26e14de3dd149a0441f

    • Size

      657KB

    • MD5

      3f9616ae55b6c26e14de3dd149a0441f

    • SHA1

      ae6fc44816212f172e633510c513c245ddf7e5ee

    • SHA256

      873b6c7f71d3bdbac6f1670b45767f233f2745196a542a6200816ef6a1fadff5

    • SHA512

      557b74f7e4a060a7c50b0bbe4dd0b27b6b4d547c0e5f66dd9a7c382a9730f5f5d5ac8bc22883c1c047f1e499c9c120f57040c42e0af7ebb20dd472f6a6f929d0

    • SSDEEP

      12288:bTXQMBXG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B1q4ya/QTcJ8ePx/b5uO7ALvHXAy:b0MBXG4GQm4OaHYJ8eP4D5uOHBB44yaO

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release338chaction.js

    • Size

      859B

    • MD5

      81c50f1ddd8b9d7523f750ee2bf07a05

    • SHA1

      ec2028ae8c11a68b02f73b5d8c6a64bd1f343899

    • SHA256

      4e150a45a1597cdab1c00e6e1546b4261c2129fa8710c9e0c0c265d89e15fe34

    • SHA512

      b3e7a7fde5e7db5eb45824f784244026a7f32203a7b4a3e00f4464528ff223f43d30d1558804f7dbfa344a84c4fbc0367e4254306a70f10e186006ded48e18b7

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release338.js

    • Size

      762B

    • MD5

      b28f055d07e9aa1ddebbc02198dbcd07

    • SHA1

      e5808dc74334b1e37d0f91dd2b3d4ff3abbbac54

    • SHA256

      4e3efa2e675637003c0a6279bbd34c783e8316f3cb5e6302f15ef6aa06a5a4d8

    • SHA512

      0fd9a8fc3cccc4b84f4243e9e7502f5e60be996d1304778629ce5bc54d411d5f150603bbc9ee840ac4d4877df8cc033d01dd38a7d18f8a077ac7c5d9ace5d011

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release338ffaction.js

    • Size

      698B

    • MD5

      3ecd66e9fc0e7cda816a8781d5e6a2cd

    • SHA1

      5e6c2f745b945e003edb298715d3e3d1a0288c16

    • SHA256

      93d6924f57fe8626a13d2e43d0a47b870dd2f5e43c3675cb1ed782d6c7e3c82e

    • SHA512

      e5c4e0da317a5dc4e09780fbca93b00aa29412f4a1890611ee60dd95220ce03fc66c782be47bba237581ad1692766d08518c9bf92ae62e3f1763d25fefcd4c56

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release338.dll

    • Size

      85KB

    • MD5

      e3da1b60b2daee8f7b22c69c3b5d514b

    • SHA1

      257e5753f9523e9bd967b1d985675096df9a7eb9

    • SHA256

      4765f354673e4fa2fbf32f9ac470d07f943e8b0fa97a233387cee8ef4c4167c7

    • SHA512

      e7eb8266c81d0b67141edc56fcab3879f1dd97bda268a56bbfcc774d790185d7f06ddb318ed8fe423b68ec337893738845493513394eb3f55bee1aabf9942533

    • SSDEEP

      1536:ukf9Csc+EE7Msd5N60GlVk8jkrwhInqLhPLlQ/z9tBZ:B9++EEwsJ6FlVhInma/z99

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      a8917ce875b4efb326ab9d4ee3be9993

    • SHA1

      229a54fc11d82ef36f00eda5fd952476a3127c1d

    • SHA256

      55e3eb37764b474833ee7ac7340f7caa6adb645d8d79e6c02cca7e3bdb7f39bb

    • SHA512

      8586e313ef6192d65ccb90688b4c2d1eb5006dfa799781734edcbf736adb3ca72d4290fda74421f207155a82cf8aa91105be6f8fba7e0572186dad20548c3f9a

    • SSDEEP

      6144:Ue348GRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmz:BGq4OaQQTYJ8eP4/L5uO7D3f5B2

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10
