General

  • Target

    VirusShare_61911c9d35ea7a50bde27662f222a80e

  • Size

    657KB

  • Sample

    240204-zmyabaadh7

  • MD5

    61911c9d35ea7a50bde27662f222a80e

  • SHA1

    de30971d028a8c4dfe654cc1ef81a36fceac2175

  • SHA256

    dabbd8d73fed083bd44293fac3933cd09f24bbc9e180d9ae3036e349167a6924

  • SHA512

    252b3903697d5743b796ede7abb8410a8b7f0c3d5ad9d562436b6126f712f42f9e4eb3fb3a43cf4731baab0c8bcedb515c0594c4c0877b6aec02d46c61cc2af2

  • SSDEEP

    12288:AftA4YDG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4IalQTSJ8ePt/t5uO7EU26qBM:AW4YDG4GQm4OaHYJ8eP4D5uOHBBe4Ia5

Targets

    • Target

      VirusShare_61911c9d35ea7a50bde27662f222a80e

    • Size

      657KB

    • MD5

      61911c9d35ea7a50bde27662f222a80e

    • SHA1

      de30971d028a8c4dfe654cc1ef81a36fceac2175

    • SHA256

      dabbd8d73fed083bd44293fac3933cd09f24bbc9e180d9ae3036e349167a6924

    • SHA512

      252b3903697d5743b796ede7abb8410a8b7f0c3d5ad9d562436b6126f712f42f9e4eb3fb3a43cf4731baab0c8bcedb515c0594c4c0877b6aec02d46c61cc2af2

    • SSDEEP

      12288:AftA4YDG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BLq4IalQTSJ8ePt/t5uO7EU26qBM:AW4YDG4GQm4OaHYJ8eP4D5uOHBBe4Ia5

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's locale and geo settings), most likely as a geofence check: malware commonly reads this to avoid running in, or to run only in, particular countries.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Enumerates the subkeys of the Uninstall registry key (where installed programs record their DisplayName and UninstallString) to list the software on the system, a common way to fingerprint the host or spot security products.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins at startup, so they run with the browser's privileges and can read and modify pages, form data and requests. A BHO is registered by adding its COM CLSID as a subkey of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (or the WOW6432Node mirror for 32-bit IE on 64-bit Windows); the CLSID's InprocServer32 value names the DLL, which is the first thing to check during response.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release252chaction.js

    • Size

      859B

    • MD5

      05d391b14caa65d27132d7c284777343

    • SHA1

      a69d9b701426add8f28de0461e3453c622ea0f07

    • SHA256

      fa9f34013d9ab3e69a73c85d52e32a6087358baa172d9bcaa678e3361345be86

    • SHA512

      206c68f9eec4ad0224f4e9cbedd7ea137a3d5e376b977b282ef20ac33824213e13e03eabddb4ae983cd10e60fbc0b6a86d3afd4c059248d7842454b15e2bf77b

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release252.js

    • Size

      762B

    • MD5

      21cf27944d623b5b394a0414c58b5372

    • SHA1

      4db7fb40e6ba08b9618d025724a2c9e24c65520d

    • SHA256

      3ffa52081f33574c6e3ba93d9cca20b95ae55031136b40be454f94290a85b28b

    • SHA512

      b55dc8a7f373f8259443d22bda28ec1a71d0857453b5741a87f15be35c988ef498ffca8ba7a553bb9a55087419a60f4b9d2fd49001574cadc8163271da25f0ae

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release252ffaction.js

    • Size

      698B

    • MD5

      6bc0d7455b6f9f26188ca35f0892b676

    • SHA1

      da7fab816d7564fe37c23e284e409b19253f7f30

    • SHA256

      791ccc77fb63aa88f0f7f858b36bde684d4b7901ebc7b901179af71dbc13406a

    • SHA512

      cccf344516a19eddc8c3547d9f82447eb22324baf7b32d7eb70bc30657cd47e460f81566c1dafacd5a983196a8fcb63bba0848e81931a28e2f263e5e7a4b44ce

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release252.dll

    • Size

      85KB

    • MD5

      c1681ddb2a39f14b673ae3d72d2098bb

    • SHA1

      29a8c7c6a653e62ce63e28b46fc1368481401c85

    • SHA256

      890705128929da18fcb4345016a12526f7036911028e84d2fd71c2793da7b2df

    • SHA512

      7cfa9f10244e30321d1c516320fbd2a33d596fd212e6285b0adec4a817cb4301f1ba3397da4ee1027917f628f8af02d7ecc52d2b7c32547722e2e0cf4c689f4f

    • SSDEEP

      1536:yU/NScAE87MsvZN60/lVk8jkLwNsKnqLxPLlQIQrTZ:1NCE8wsz6YlV6KnWaIQrl

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads in-process as plugins; this 85KB DLL is the component the installer registers for IE, so its CLSID should appear under the Browser Helper Objects registry key on an infected host.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      f87523ba26e1d39d98fb91686561fe7f

    • SHA1

      db7b030c8abe7c4dc84e1aa533f72c3feeadc4f8

    • SHA256

      10e8fd21d4f07b789cc832c6be5d3e45e7e42813c5eb818a2aaa382f19f2b02c

    • SHA512

      4897513568d54336e9a0e27cfabb0812704c9355ac4a1d21edd5ad1a242858071b0c3a1db3da5736f8aba11365e61238f36d163a68bbb5814a8cf06c5a1ed504

    • SSDEEP

      6144:Ue34v0Rg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bm1:u0q4OaQQTYJ8eP4/L5uO7D3f5Bw

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10
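
The behaviours flagged above (geo lookup, Uninstall-key enumeration, BHO registration, dropped files) can be checked on a suspect host with the following script. It is an added example written for this page, not code from the sandbox, the sample or its vendor. It assumes an elevated PowerShell 5.1 or later session on the Windows host, uses the SHA256 values from this report as its indicator set, and reads the standard registry locations Windows uses for BHO registration, the Uninstall list and the user's geo settings. The string RichMediaView used to filter installed-software entries is taken from the dropped file names above; the default directories swept by Find-ReportedFile are an assumption to adjust for your environment.

```powershell
# Host triage for the behaviours and files this report lists. Added example, not
# code from the sandbox or the sample. Assumes an elevated PowerShell 5.1+ session
# on the Windows host being checked. Hashes are the SHA256 values from the report;
# registry paths are the standard Windows locations for BHOs, Uninstall and Geo.

# SHA256 -> reported file name. Keys are lowercase so Get-FileHash output
# (uppercase) only needs normalising once.
$ReportSha256 = @{
    'dabbd8d73fed083bd44293fac3933cd09f24bbc9e180d9ae3036e349167a6924' = 'VirusShare_61911c9d35ea7a50bde27662f222a80e (installer)'
    '1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3' = '$PLUGINSDIR/aminsis.dll'
    '890705128929da18fcb4345016a12526f7036911028e84d2fd71c2793da7b2df' = 'ie/RichMediaViewV1release252.dll (BHO)'
    '10e8fd21d4f07b789cc832c6be5d3e45e7e42813c5eb818a2aaa382f19f2b02c' = 'uninstall.exe'
    'fa9f34013d9ab3e69a73c85d52e32a6087358baa172d9bcaa678e3361345be86' = 'ffRichMediaViewV1release252chaction.js'
    '3ffa52081f33574c6e3ba93d9cca20b95ae55031136b40be454f94290a85b28b' = 'ff/chrome/content/ffRichMediaViewV1release252.js'
    '791ccc77fb63aa88f0f7f858b36bde684d4b7901ebc7b901179af71dbc13406a' = 'ff/chrome/content/ffRichMediaViewV1release252ffaction.js'
}

function Get-Sha256Lower([string]$Path) {
    # Lowercase SHA256 of a file, or $null if it cannot be read (locked, ACL, gone).
    try { (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash.ToLowerInvariant() }
    catch { $null }
}

function Get-RegisteredBho {
    # IE loads every CLSID listed under these keys (native and WOW6432Node views) as an
    # in-process COM server; the DLL path is the CLSID's InprocServer32 default value.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    $clsidRoots = @('Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID')
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            $dll = $null
            foreach ($root in $clsidRoots) {
                $server = "$root\$clsid\InprocServer32"
                if (Test-Path -LiteralPath $server) {
                    # '(default)' is how PowerShell exposes a key's unnamed default value.
                    $raw = (Get-ItemProperty -LiteralPath $server).'(default)'
                    if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"'); break }
                }
            }
            $hash = if ($dll -and (Test-Path -LiteralPath $dll)) { Get-Sha256Lower $dll } else { $null }
            $reported = if ($hash -and $ReportSha256.ContainsKey($hash)) { $ReportSha256[$hash] } else { '' }
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Sha256 = $hash; Reported = $reported }
        }
    }
}

function Get-InstalledSoftware {
    # The same Uninstall keys the sample walks; DisplayName and UninstallString are
    # what a responder greps for the product name or a dropped uninstall.exe.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $v = Get-ItemProperty -LiteralPath $sub.PSPath
            [pscustomobject]@{ Key = $sub.PSChildName; DisplayName = $v.DisplayName; UninstallString = $v.UninstallString }
        }
    }
}

function Get-GeoSetting {
    # Values a geofence check typically reads. Nation is a GeoID (244 = United States);
    # Name is the two-letter code on newer Windows builds and may be absent on older ones.
    $geo  = Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    $intl = Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\International'     -ErrorAction SilentlyContinue
    [pscustomobject]@{ Nation = $geo.Nation; Name = $geo.Name; LocaleName = $intl.LocaleName; sCountry = $intl.sCountry }
}

function Find-ReportedFile {
    # Hashes every file under the given directories and returns those whose SHA256 is in
    # the report. Default paths are an assumption (where NSIS installers and their
    # uninstaller usually land); add "$env:SystemRoot\System32" for the System32 drop.
    param([string[]]$Paths = @($env:TEMP, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA))
    foreach ($p in $Paths) {
        if (-not $p -or -not (Test-Path -LiteralPath $p)) { continue }
        Get-ChildItem -LiteralPath $p -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
            $h = Get-Sha256Lower $_.FullName
            if ($h -and $ReportSha256.ContainsKey($h)) {
                [pscustomobject]@{ Path = $_.FullName; Sha256 = $h; Reported = $ReportSha256[$h] }
            }
        }
    }
}

'== Registered Browser Helper Objects (non-empty Reported = hash from this report) =='
Get-RegisteredBho | Format-Table -AutoSize
'== Installed-software entries mentioning RichMediaView =='
Get-InstalledSoftware | Where-Object { "$($_.DisplayName) $($_.UninstallString)" -match 'RichMediaView' } | Format-Table -AutoSize
'== Geo / locale values a geofence would read =='
Get-GeoSetting | Format-List
'== Files on disk matching a reported SHA256 =='
Find-ReportedFile | Format-Table -AutoSize
```

A non-empty Reported column in the BHO table, or any row from Find-ReportedFile, means a file from this report is present on the host; a BHO whose DLL path no longer exists is still worth noting, since the registration outlives a partial cleanup. The Firefox extension files are not covered by the registry checks; sweep the profile directory with Find-ReportedFile -Paths "$env:APPDATA\Mozilla" to look for them by hash.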

MITRE ATT&CK Enterprise v15
