General

  • Target

    VirusShare_09853405faa77e04f17ea98050f1d170

  • Size

    634KB

  • Sample

    240204-znq8dscecl

  • MD5

    09853405faa77e04f17ea98050f1d170

  • SHA1

    7436031b7bd018953153607d22f59f59870a4301

  • SHA256

    52d2d81e1111c5f050718ba3efa7d5f5c1492a9266721569de939a28b98c9f18

  • SHA512

    0039b91c09d8af3220f284dab433f9037b030c94b12753124d7a5619b13228f358e19fff81e91d73ca46c48bf384288726f0bb42cfc1158ff3ae7b45150743b5

  • SSDEEP

    12288:by0AqXMMDBG4GjeZHkwuPikQ7lKH5p5H9x1I0eZHkwuTiBQVlKz5p9xl/lf+:by0AIbDBG4GjeZEXi37l6Br1I0eZELi4

Malware Config

Targets

    • Target

      VirusShare_09853405faa77e04f17ea98050f1d170

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home687chaction.js

    • Size

      829B

    • MD5

      914030413f9979df66b7add2a07bd5fc

    • SHA1

      b46bb1c354fbc0b79ac5fe98fb16c1d9ecd29393

    • SHA256

      6f4dc0fc15fc497371529893dccf98317b10d2e09dc1c442a6a93a47b3c0a9e5

    • SHA512

      18cd8cdedbf654065d916e000b68daf05032042fa7c85f9c174511beaca64591aed040166afda3f71b96079b319430bc743a6a122113ccb0fedccc369ec8995d

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home687.js

    • Size

      744B

    • MD5

      48f2ffa6ae56ea5cb2c159c7671db9ae

    • SHA1

      84178e15446af0c08fca0242edeaba2122d823d6

    • SHA256

      daa18ab5994216f6f0a255f458cf215efbafd1ece96f8d347a629117af5a166c

    • SHA512

      fece7a8ec3d7ba973e8351b7a5ed83cec5845e8b5edd53ae6196ee54794369f9be2bcf6fbde9df99d5c3540f33d8f2ec3a8a6f17ddd1f106b1e94074c2fd3eb9

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home687ffaction.js

    • Size

      674B

    • MD5

      85c08eabf1b51b8ef552d691c4ee421e

    • SHA1

      9e4c731fa23988a464505cf356c1ba26d9d2e710

    • SHA256

      ed1ae00c24aabaf47958f6e69d17c395c4acf84d0910dfa882bc5d3462cb59f3

    • SHA512

      84dca46a93de257ccddaae2b7197fd5feb5e674ddf84d01aa98dce7522297e29fd4b74ee99cc3c755ed4484b0a3fafcb031fe6fdc778ba8c0d7289a9b582e04c

    • Score

      1/10

    • Target

      ie/MediaWatchV1home687.dll

    • Size

      85KB

    • MD5

      d2c45dbcb7898eb43e6c7770ebe9a054

    • SHA1

      99705754d9870dbefffefa2967b5140df5aaf28b

    • SHA256

      5dafdd80f9be35edd0bce0c1204f6672fd543262e4935312cc8e553a528532c8

    • SHA512

      94af309bc6045c04d50bccedf3374655a4bd5e5d05799b4819e32838d9d9e9703dfa8f1c23191adaf2445747c3c68a4e043bc69d4ed51d89f39c31f395c1df6f

    • SSDEEP

      1536:/n/1CsEmkaMAPtahrOb8DktPsHA9glQKJxR1:X12mkaMAFahrOPsguaKJ/

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      a77b11c666e3aae0b94dad93c44e3bc9

    • SHA1

      d7edc5fbcc46fc3365bd5f1db3daf8d8a851160a

    • SHA256

      74aefd881f3b4609302f4a3d9202dfcda35d9bdfc18cd006f8722ea47f6b868e

    • SHA512

      41d4dcfd32200acb03c93d87819f1edbd4034dd8a1b800dec800913ee64122d523e1c1ecc01f74fc7d01e1ca5b129c8b45b8f4cbae15152f7397d5b08726c272

    • SSDEEP

      6144:Ee34sMIpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1V:JM0eZHkwuPikQ7lKH5p5H9x1V

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

MITRE ATT&CK Enterprise v15

Tasks