General

  • Target

    VirusShare_fb3372c20be0b599313c4bd1988988a9

  • Size

    634KB

  • Sample

    240204-zpmxcscefl

  • MD5

    fb3372c20be0b599313c4bd1988988a9

  • SHA1

    6f123aa9c041dff29cfeabc99e76cf10b8fb3b76

  • SHA256

    cb07b8fc43fe913578efd6a6480d9477301aa0230a413dac255803b0af957dde

  • SHA512

    ceec5e456c9cd3a3ec22c23b545969c0dcb03589988a3afc974df7a364f3359a164420e5af22efa4ee6a3769cf92da13f2ed030a9be06e3433995edd8617d9d8

  • SSDEEP

    12288:LcK5G4GjeZHkwuPikQ7lKH5p5H9x1zeZHkwuViRQJlKT5pjxFlfD:LcsG4GjeZEXi37l6Br1zeZEti2JlMrfd

Targets

    • Target

      VirusShare_fb3372c20be0b599313c4bd1988988a9

    • Size

      634KB

    • MD5

      fb3372c20be0b599313c4bd1988988a9

    • SHA1

      6f123aa9c041dff29cfeabc99e76cf10b8fb3b76

    • SHA256

      cb07b8fc43fe913578efd6a6480d9477301aa0230a413dac255803b0af957dde

    • SHA512

      ceec5e456c9cd3a3ec22c23b545969c0dcb03589988a3afc974df7a364f3359a164420e5af22efa4ee6a3769cf92da13f2ed030a9be06e3433995edd8617d9d8

    • SSDEEP

      12288:LcK5G4GjeZHkwuPikQ7lKH5p5H9x1zeZHkwuViRQJlKT5pjxFlfD:LcsG4GjeZEXi37l6Br1zeZEti2JlMrfd

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home2633chaction.js

    • Size

      834B

    • MD5

      0508bbd4767660e26daf4b5ee5c588db

    • SHA1

      2b6d3cd97a68b7fd2cf4740b151185190e012b85

    • SHA256

      3a94c1b15f34d844e7a7a259cf99ca0edf4186416509a1fa25983e8a24124179

    • SHA512

      a5a4fccdb56133c5b90996c4a4908c2eaa5a697414588339baf21b111dd21e39873fddae01acac4927febb8105f0a991a05d72756b5a5a1239ac9c3f07ae2111

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2633.js

    • Size

      747B

    • MD5

      b52a4622ccc0005eccc06b175365a4da

    • SHA1

      63979f0b13b07abab30eeaa042ff0a8d378f5886

    • SHA256

      f413c0ff091ce0cf82bbd78c2716a4605a144ff6d7b88640f87a551a3a7cdc78

    • SHA512

      7a928d1c1671017f65265da0e964220e6ecb6c795f32f263302f473c612a28346aeac32778651cbab8a7acf54d29684b69ba0d5eea8a2654bc1e817fb061a00e

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home2633ffaction.js

    • Size

      678B

    • MD5

      0f257e12b9d178a77bcd5eaf28e26bcf

    • SHA1

      1a94de955826fcdf72c4cef7884c505f600210d8

    • SHA256

      b088002952b5d3f8ff346f4fe940bdfed431ffb4d504c879c201944175fc064a

    • SHA512

      76bdf1c28100deb74393b98df1fb5884278bfb5ab63e84b7093378aed39a014e055dd763794e9e5975112e0440ccd0693d62c781b5be40b8db9d9c67ccbfa078

    • Score

      1/10

    • Target

      ie/MediaWatchV1home2633.dll

    • Size

      85KB

    • MD5

      a2b5d73ceddca191fa0090458583b389

    • SHA1

      ed87382e4bfe9619a4ea5f3ef149931a6a929611

    • SHA256

      79eb987d66fb4bab872efdcf353ec85cf45630d61cf8c1d42fd64ad79e8566c6

    • SHA512

      0be51e0395abb5e2cc5b873f8ddd65c38b20cf6e23e6d72c6606192d7e3df27cf4e1da2caab5b0c8c40b180461e7e3c79590faaf90e0d306ec933217fc914ad8

    • SSDEEP

      1536:68/1CsEmka04RhRtahrOb8DkhSmHA9glQMLSB:V12mka0ElahrOWmguaMLS

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      e301ac63074109df03e6525726b328ff

    • SHA1

      3ab86ae89470cb779770276a2a9f8956e3a2409c

    • SHA256

      86e729a3f65bb4979c02fbd616b2568590abcfb387ea7eec6a156ae6c7f63638

    • SHA512

      054aa6224f0992eb8a52ac39e7928276607d4ee5e0a6b924cb7dcc44ad575c708b7a0ea991bd8413101691a0490d03d2331bfabf70b94b96af7ce1eabb2956bd

    • SSDEEP

      6144:Ee34sMpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1x:pQeZHkwuPikQ7lKH5p5H9x1x

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

MITRE ATT&CK Enterprise v15