General

  • Target

    VirusShare_2c434d2d7066eff260cefd0e066388e6

  • Size

    634KB

  • Sample

    240204-zltwhaade3

  • MD5

    2c434d2d7066eff260cefd0e066388e6

  • SHA1

    b01c8a060306286ca284dc96ba5364053e008467

  • SHA256

    377d42df75918372cc11601aad795dc08ab520c4f99e68185b767549e01c6253

  • SHA512

    95ac761cf451d564547b6fcfc829683095cab1bf52dc7b273d4d3670895d48d3fbedea72f840b6d7b9dc3f35ab3bbd227c9b6081ae1a1377bffbbc2388c84fb2

  • SSDEEP

    12288:My6G4GjeZHkwuPikQ7lKH5p5H9x1YeZHkwuPivQjlKT5pRxqlfV:My6G4GjeZEXi37l6Br1YeZEHiojl4ZcH

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home2373chaction.js

    • Size

      834B

    • MD5

      e4a85ccf07a9ba6b40c1ccd5f8e23d1a

    • SHA1

      58976b6d73c03b1fdb756881a722d8fbdabfc5aa

    • SHA256

      e5d0790aebc2a2ea561be33c1e59dfcbaddf1d9f76a577fef55bf75aba5c5d14

    • SHA512

      97374561b882d523dfe22c54ebb9ad99882ea508ac4a59c33e25291db444605bdb5a021965a3c61f32e841db8a2979b8339f120603406dbcf7043b8c45f9954a

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2373.js

    • Size

      747B

    • MD5

      6147996b73597c4ded116e95cb3c9d3e

    • SHA1

      d84c3d092a692bc1689a86c63c020ce8bc62b2f9

    • SHA256

      8fc3396b2b1eb0d5c121f622d121f134e23d24ee915bdfc89fd233e955f92536

    • SHA512

      77f3728a9dc9c423825809241866207ef6c9dfd2921cc72b8d81089d927b7b681d154ee55a655024cd4f24ff4449c2849f87efab0dc53eb00558e87b95ef1871

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2373ffaction.js

    • Size

      678B

    • MD5

      62cb3a8b74549ba3cae256e2dcc871da

    • SHA1

      2be03fabdc5ca154605e732ad9461437a2d24a25

    • SHA256

      667bfc7236b09cb63738119b036f357e023b72beb74d8ab9fd396d603cd56e5b

    • SHA512

      fe74d840b3ac59f19eceee088da620bf1473b69ce07b8bc4ac1d6f5eabf51c473eea0598381ba992e881820b011e6e98d300c78b59856cd97517bcb7dade4381

    • Score

      1/10

    • Target

      ie/MediaWatchV1home2373.dll

    • Size

      85KB

    • MD5

      852a71cb2afa404c6f7b0500cfa3d7ac

    • SHA1

      b2fcdc92c3819eda078b0dc1e12a32f0927fddf7

    • SHA256

      804707222251bd4e5063560970cccbabeba311ceb6312f8ffeb26499ed7b580e

    • SHA512

      bef8d9f7dc6487c91a4663aaf022b68b226a67a74d26f56c3c3deb4abf39bfc42769bc6da0328a0ae52dbebe733f5c0dfa2cdaa434cc878ccfbba50d093b8855

    • SSDEEP

      1536:e8/1CsEmka04RhRtahrOb8DkhpPHA9glQAhqZ:p12mka0ElahrOlPguaAhq

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      436c81298e64d048abc331dccaa39e31

    • SHA1

      cf7625e1e487daba25816557ec655773f649ee73

    • SHA256

      f9b4f656b15f3c382a2a2f766be4d399c10ae9a313f5a379b3ccc63f0cbebc3b

    • SHA512

      58680ee3ca2034372876ed2537d3bee9f0fa338e87693b4f9b3c2dac32432b9445da74c13885277501b6d55ac9f6518f7f2b2aad053c4fdaee022ce3cd610815

    • SSDEEP

      6144:Ee34r1peZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1d:KDeZHkwuPikQ7lKH5p5H9x1d

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
