General

  • Target

    VirusShare_1aae148d5b7a099874a2180f6372254b

  • Size

    634KB

  • Sample

    240204-zm2yhaadh9

  • MD5

    1aae148d5b7a099874a2180f6372254b

  • SHA1

    d2fe303da4eec3e9cf080c4579d0c0480c852546

  • SHA256

    1e2eb68b2721b2c1599aae729adb1a94ae57b6d3b59b46f86afc98a61c6b20eb

  • SHA512

    9757a4416d5ae1a487754768216bdd34e43ca8a3f247836468458f19f9cd30d3532de68e9bd8ccdb78489eb1c838c8a9373d9cea6964dbf6594d5b1dd8d8fda7

  • SSDEEP

    12288:3IHkY2G4GjeZHkwuPikQ7lKH5p5H9x1reZHkwuNivQjlKT5pRxqlfW:3OkY2G4GjeZEXi37l6Br1reZEFiojl4d

Malware Config

Targets

    • Target

      VirusShare_1aae148d5b7a099874a2180f6372254b

    • Size

      634KB

    • MD5

      1aae148d5b7a099874a2180f6372254b

    • SHA1

      d2fe303da4eec3e9cf080c4579d0c0480c852546

    • SHA256

      1e2eb68b2721b2c1599aae729adb1a94ae57b6d3b59b46f86afc98a61c6b20eb

    • SHA512

      9757a4416d5ae1a487754768216bdd34e43ca8a3f247836468458f19f9cd30d3532de68e9bd8ccdb78489eb1c838c8a9373d9cea6964dbf6594d5b1dd8d8fda7

    • SSDEEP

      12288:3IHkY2G4GjeZHkwuPikQ7lKH5p5H9x1reZHkwuNivQjlKT5pRxqlfW:3OkY2G4GjeZEXi37l6Br1reZEFiojl4d

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence (run, or refuse to run, only in selected countries).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; they are loaded into the browser process automatically, which makes them both a persistence mechanism and a point for intercepting web traffic.

    • Drops file in System32 directory
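The three registry-based signatures above (location check, Uninstall-key enumeration, BHO registration) can be recovered from endpoint telemetry. The following is an added example, not part of this report or of the sample's code: it runs offline over a constructed, Sysmon-style list of registry events and assigns them the same three labels, resolving each registered BHO CLSID to the DLL path written under its InprocServer32 key by the same process. The registry paths are the standard Windows locations; the process IDs, the CLSID, the install directory, the set of country-value names and the inventory threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Standard Windows registry locations behind the three signatures (lower-cased for matching).
BHO_KEY = "\\microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall\\"
INTL_KEY = "\\control panel\\international"
# Value names a country-code lookup reads; which one this sample reads is not on the page (assumption).
COUNTRY_VALUES = {"scountry", "locale", "localename", "nation"}
# Reading this many distinct Uninstall subkeys is treated as an inventory sweep (threshold is an assumption).
UNINSTALL_THRESHOLD = 3
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
INPROC_RE = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$")

# Constructed telemetry shaped like Sysmon registry events; none of it comes from the report.
# pid 4120 imitates the installer, pid 900 is a benign process that checks a single product.
UNINSTALL = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
BHO = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
CLSID = "{0a1b2c3d-0000-4000-8000-00000000beef}"   # made-up CLSID for the example
INPROC = "HKLM\\SOFTWARE\\Classes\\CLSID\\" + CLSID + "\\InprocServer32"
DLL = "C:\\Program Files (x86)\\MediaWatch\\MediaWatchV1home3038.dll"  # install dir is an assumption
EVENTS = [
    {"pid": 4120, "op": "QueryValue", "key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation", "data": "244"},
    {"pid": 4120, "op": "QueryValue", "key": UNINSTALL + "7-Zip", "value": "DisplayName", "data": "7-Zip"},
    {"pid": 4120, "op": "QueryValue", "key": UNINSTALL + "Google Chrome", "value": "DisplayName", "data": "Google Chrome"},
    {"pid": 4120, "op": "QueryValue", "key": UNINSTALL + "ExampleVendor Suite", "value": "DisplayName", "data": "ExampleVendor Suite"},
    {"pid": 4120, "op": "CreateKey", "key": BHO + CLSID, "value": "", "data": ""},
    {"pid": 4120, "op": "SetValue", "key": INPROC, "value": "(Default)", "data": DLL},
    {"pid": 4120, "op": "SetValue", "key": INPROC, "value": "ThreadingModel", "data": "Apartment"},
    {"pid": 900, "op": "QueryValue", "key": UNINSTALL + "7-Zip", "value": "DisplayVersion", "data": "23.01"},
]


def classify(events):
    """Return a sorted list of (pid, signature, detail) tuples for the events."""
    findings = []
    uninstall_subkeys = defaultdict(set)   # pid -> Uninstall subkeys it read
    bho_clsids = defaultdict(set)          # pid -> CLSIDs it registered as BHOs
    inproc = {}                            # (pid, clsid) -> DLL path written to InprocServer32

    for e in events:
        pid, op = e["pid"], e["op"]
        key, value = e["key"].lower(), e["value"].lower()
        if INTL_KEY in key and op == "QueryValue" and value in COUNTRY_VALUES:
            findings.append((pid, "Checks computer location settings", e["key"] + "\\" + e["value"]))
        if UNINSTALL_KEY in key and op == "QueryValue":
            uninstall_subkeys[pid].add(key.split(UNINSTALL_KEY, 1)[1].split("\\", 1)[0])
        if BHO_KEY in key and op in ("CreateKey", "SetValue"):
            m = CLSID_RE.search(key.split(BHO_KEY, 1)[1])
            if m:
                bho_clsids[pid].add(m.group(0))
        m = INPROC_RE.search(key)
        if m and op == "SetValue" and value == "(default)":
            inproc[(pid, m.group(1))] = e["data"]

    for pid, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_THRESHOLD:
            findings.append((pid, "Checks installed software on the system",
                             f"{len(subkeys)} Uninstall entries read"))
    for pid, clsids in bho_clsids.items():
        for clsid in sorted(clsids):
            dll = inproc.get((pid, clsid), "<InprocServer32 not set by this process>")
            findings.append((pid, "Installs/modifies Browser Helper Object", f"{clsid} -> {dll}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in classify(EVENTS):
        print(*finding, sep="\t")
```

The benign process (pid 900) reads one Uninstall entry and is not flagged; the installer-like process trips all three signatures, and the BHO finding names the DLL the CLSID resolves to, which is the artefact to hash and compare against the list on this page.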

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home3038chaction.js

    • Size

      834B

    • MD5

      4a5f23e078e696e882e682fc5e4c6c0f

    • SHA1

      93864a261e991d697f498e911750bce7f24454fd

    • SHA256

      161c323a2cf0ba7a77e9d9eeb86527b33bd301f582dc7c0e75724a4cb0c8dbc3

    • SHA512

      8abd9f8b3de2882b1ba4111092a7b3adc323644988dbcb5b85ebd758eaa3b968cbb8e88f9ddd450d96eb89b98c1e58593ebf0609b903d597d57a4b3e9163c4ca

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3038.js

    • Size

      747B

    • MD5

      48cc80784132a82039711115e66bbcf7

    • SHA1

      1ac481acbca3cca425ad3cc04a3d2333d6cffab9

    • SHA256

      e09a19882b7238554c80f5173487b854a3bf9bfc44686703560858c769cc821a

    • SHA512

      8a6767b8578a3ee8e074ec3c12bb76da2df87112965d5e13fb5c5f9d28a64cc6bcd09d6ebdff0fb38cb4881fa19729d81672c06283c2d774f849c798851f12db

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home3038ffaction.js

    • Size

      678B

    • MD5

      142408608c32336d9890b370522b6b0a

    • SHA1

      ff1710e2703f3ea59b2617f599eb6d99930bb8c2

    • SHA256

      0b7ef98f878d52eb8bb845de9c5fed7fcca8cbe6c7d52a18536be82637b06173

    • SHA512

      05415ba7fbbb0e7d4f8b559bcfc70aa81885d2fb7baf010b32e7d7b9870e98ce7bcc712ff0c64235cdce6c8af2c27db91f8b3380780a1e4932f3f7f2c3e24c23

    • Score

      1/10

    • Target

      ie/MediaWatchV1home3038.dll

    • Size

      85KB

    • MD5

      c6bee19aa67b23874bca8ed59bc311e0

    • SHA1

      c421eae4ca912e47d5a5e7c2e5b2cfa0dd48d9aa

    • SHA256

      3618df70bba20756ae21cba39dcbc3d5e49c5c05fd20c42772b46e2ee8d7bf80

    • SHA512

      17c494fcef1e4a8b4a05d582da56e471036e8cc8645c695f4efe5647b05f4c23c60955d12f6c8dde5d66da93df6fad6eae187bbe67d68c324f300e37cb490410

    • SSDEEP

      1536:Z8/1CsEmka04RhRtahrOb8Dkh/6HA9glQR/QB:S12mka0ElahrOj6guaR/Q

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer; they are loaded into the browser process automatically, which makes them both a persistence mechanism and a point for intercepting web traffic.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      d6b2c26a80f047f3a78ef49d4961e5f1

    • SHA1

      159d982e2a5f446323abfa9837fdc9667d072e19

    • SHA256

      faf3203359af8e29b8fcfc81edc700e07ac1d756e69951216e01e634ff5c6348

    • SHA512

      0b3e700f6f20015230c2af8c059308bcc1d02f7b94b04fc7b78af2ea28c97748c7718ce06d99712cc6f349c732ce69426d55e96f45c0bf2fd67b334b3f0443a0

    • SSDEEP

      6144:Ee344VgpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1W:dWeZHkwuPikQ7lKH5p5H9x1W

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

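The SSDEEP values listed for the targets above are worth comparing among themselves. The second chunk of the uninstall.exe signature (block size 6144) shares a long substring with the first chunk of the main sample's signature (block size 12288), which is exactly the condition ssdeep needs to score two files as related. $PLUGINSDIR is the NSIS plugin staging directory, so both files are NSIS-built and the similarity reflects the shared NSIS stub rather than the payload; a fuzzy-hash match between an installer and its own uninstaller should not be read as evidence of a malicious code overlap. The following is an added example, not code from this report or from the ssdeep project: it reimplements ssdeep's published comparison rules in pure Python (block sizes equal or differing by exactly 2x, runs of four or more identical characters collapsed to three, a shared 7-character substring required, score derived from an edit distance with insert and delete cost 1 and substitution cost 2, and a cap for small block sizes) and runs them over the four signatures on this page.

```python
import re

SPAMSUM_LENGTH = 64     # maximum length of a chunk that will be scored
ROLLING_WINDOW = 7      # chunks must share a substring this long to score at all
MIN_BLOCKSIZE = 3

# SSDEEP values as listed on this page.
SSDEEP = {
    "VirusShare_1aae148d5b7a099874a2180f6372254b":
        "12288:3IHkY2G4GjeZHkwuPikQ7lKH5p5H9x1reZHkwuNivQjlKT5pRxqlfW:3OkY2G4GjeZEXi37l6Br1reZEFiojl4d",
    "$PLUGINSDIR/aminsis.dll":
        "12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN",
    "ie/MediaWatchV1home3038.dll":
        "1536:Z8/1CsEmka04RhRtahrOb8Dkh/6HA9glQR/QB:S12mka0ElahrOj6guaR/Q",
    "uninstall.exe":
        "6144:Ee344VgpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1W:dWeZHkwuPikQ7lKH5p5H9x1W",
}


def _collapse(chunk):
    # Runs of four or more identical characters carry almost no information; ssdeep keeps three.
    return re.sub(r"(.)\1{3,}", r"\1\1\1", chunk)


def parse(sig):
    """Split 'blocksize:chunk1:chunk2[,filename]' into (int, str, str)."""
    block_size, chunk1, chunk2 = sig.split(",", 1)[0].split(":", 2)
    return int(block_size), _collapse(chunk1), _collapse(chunk2)


def has_common_substring(a, b):
    """True when a and b share a substring of ROLLING_WINDOW characters."""
    grams = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in grams for i in range(len(b) - ROLLING_WINDOW + 1))


def edit_distance(a, b):
    """Levenshtein distance with insert=1, delete=1, replace=2 (ssdeep's edit_distn)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def score_strings(a, b, block_size):
    """ssdeep's score for two chunks that were produced at the same block size."""
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not has_common_substring(a, b):
        return 0
    score = edit_distance(a, b) * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:
        return 0
    score = 100 - score
    # Small block sizes come from small inputs, so ssdeep caps how confident the match can be.
    if block_size >= (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def compare(sig_a, sig_b):
    """Return ssdeep's 0..100 similarity score for two signatures."""
    b1, s1, d1 = parse(sig_a)
    b2, s2, d2 = parse(sig_b)
    if b1 == b2 and s1 == s2 and d1 == d2:
        return 100
    if b1 == b2:
        return max(score_strings(s1, s2, b1), score_strings(d1, d2, b1 * 2))
    if b1 * 2 == b2:                      # a's second chunk was built at b's first block size
        return score_strings(d1, s2, b2)
    if b2 * 2 == b1:
        return score_strings(s1, d2, b1)
    return 0                              # block sizes too far apart to compare


if __name__ == "__main__":
    names = list(SSDEEP)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            print(f"{compare(SSDEEP[a], SSDEEP[b]):3d}  {a}  <->  {b}")
```

compare() gives 58 for uninstall.exe against the main sample (the 24-character chunk embeds a 21-character run of the main sample's 54-character chunk), 100 for identical signatures, and 0 both where no 7-character substring is shared (the main sample against aminsis.dll) and where the block sizes are more than a factor of two apart (aminsis.dll at 12288 against the BHO DLL at 1536).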

MITRE ATT&CK Enterprise v15

Tasks