General

  • Target

    VirusShare_5ab2eab4dc253961c2a95a33909b6efb

  • Size

    657KB

  • Sample

    240204-zpp2qacefm

  • MD5

    5ab2eab4dc253961c2a95a33909b6efb

  • SHA1

    dfaebfd04dc97e0cfe94cacfe567b9e0a71627a5

  • SHA256

    f8466e2298109ceaac5a7ffd3907c3034fdbdd241c31dcf7aeaf57735937ab07

  • SHA512

    f37eb95864aa731f473ffbe1d0a24238c6000fcadb8481eb053198fa42cb97a2e7e9ce149f1d5840c9d21d4b22fa9129b14427af016cbd51590e2effe57240a8

  • SSDEEP

    12288:VM/YrEQ87EkG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BPq4GaFQTwJ8ePV/t5uO7ELvK:VMw187tG4GQm4OaHYJ8eP4D5uOHBBy4r

Targets

    • Target

      VirusShare_5ab2eab4dc253961c2a95a33909b6efb

    • Size

      657KB

    • MD5

      5ab2eab4dc253961c2a95a33909b6efb

    • SHA1

      dfaebfd04dc97e0cfe94cacfe567b9e0a71627a5

    • SHA256

      f8466e2298109ceaac5a7ffd3907c3034fdbdd241c31dcf7aeaf57735937ab07

    • SHA512

      f37eb95864aa731f473ffbe1d0a24238c6000fcadb8481eb053198fa42cb97a2e7e9ce149f1d5840c9d21d4b22fa9129b14427af016cbd51590e2effe57240a8

    • SSDEEP

      12288:VM/YrEQ87EkG4GQTq4OaQQTYJ8eP4/L5uO7D3f5BPq4GaFQTwJ8ePV/t5uO7ELvK:VMw187tG4GQm4OaHYJ8eP4D5uOHBBy4r

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release424chaction.js

    • Size

      859B

    • MD5

      2f0236bf13ce4d4ee4342069b553ead5

    • SHA1

      d5c29687af4a45cca37ff14f9237a1cd2d97a1f7

    • SHA256

      8421051f763fa31b41dea85dff6a791cda135c778141ae663d04be39e1322bc0

    • SHA512

      c650ffd4ae56e45b7396ea663a6bc9cecbbd0b4e9ad718efa66845cf25af5f94de244abe240565f6cc774061f693eea5e816e1b4b015e5922ae5f17b2c2b5c55

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release424.js

    • Size

      762B

    • MD5

      92051b7edcf9ab986c9a455aee6670ad

    • SHA1

      472ddffe0ccfe5fa8a5a66319b41a10c0aef2e5e

    • SHA256

      78d7adbf80aadf22726315825cac5b4d202fc2a02a16cadcaa22954e1930361c

    • SHA512

      56736dff3e93eb556f514cd09ff2ff21fdfbda799eeec805f3a4e538fb3172dcb2b3e7c738a608b58b7d5d35d37eb9ed6ece52d8851afa8b9addea82088b7e2e

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release424ffaction.js

    • Size

      698B

    • MD5

      44aa89747c98bdd950b3dc843f13bbe8

    • SHA1

      039eba5e3bc353d66711b13673d16f9981ba5710

    • SHA256

      5d4f426aae8647eedae1dc829d77b0ad26bffa4743593f1153bdc2eed82bbcf4

    • SHA512

      9e077273ba75373f72378d42199d08e351edf7aa803534dab01068bbbe06e49fd1113603a81c7f3d918b88260aa1011107405d03d2726da4646f68fd274f7218

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release424.dll

    • Size

      85KB

    • MD5

      4ed74dfe039961973ddf726f7c56d5bb

    • SHA1

      4603e6c2971d218974473700034594397ce143e5

    • SHA256

      378cf91476c5c8bb1dad9257fdfdf55ff4a17bd582cfd252929117610f83a555

    • SHA512

      91b5d7d66c2022eb9afbb33f0ae43b54e629c99a23ce8c04c5bb6e3ca79314293dd471ac81872effe10081fc38fe89b0a87dbc753afc522cbc9a31765b4c30bd

    • SSDEEP

      1536:Ykf9Csc+EE7Msd5N60GlVk8jkrw6bnqLhPLlQK/DNBZ:r9++EEwsJ6FlV6bnmaK/Dd

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      b8c2aa46408507917bce3d6b911101f8

    • SHA1

      f0ade870c6872fc7b0c37e1afcc409756f40e0d1

    • SHA256

      e133d53fe9ec444c9d7e7b40d0772e8417814815a2257036ff31afcdd6d5d1ea

    • SHA512

      b678baae3700e402b4d2f835020dc1fa6c2c41b272ab2e290e18175068a0c6d167a65fe94e43dc9f71cfd4934c0751db42af09167e2cc446a59a107a913b12d0

    • SSDEEP

      6144:Ue34GLRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bmk:3Lq4OaQQTYJ8eP4/L5uO7D3f5BN

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10
