General

  • Target

    VirusShare_bcc3da7f11aea7618bfb46acc0d7db40

  • Size

    657KB

  • Sample

    240204-zpr63saee6

  • MD5

    bcc3da7f11aea7618bfb46acc0d7db40

  • SHA1

    8eb945228c573382fa85ec1b7b47d520ddb5dbbd

  • SHA256

    3f773f7c02cc87805c4c56539f35928b23f16d3665459b7281cbc98353e36ee6

  • SHA512

    4d4252e8ab6a7aedf41fa8575dbc090fb4dff7f40a0a5e09e6db7de23c6db27269fa44163ac077c9cce2c79d0f94898b600856a17d9c6f6271c1ab4beb175349

  • SSDEEP

    12288:5TiL+FmZzG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B2q4GaFQTwJ8ePV/t5uO7ELvHho:5G+AZzG4GQm4OaHYJ8eP4D5uOHBBb4Gs
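
The four digests and the SSDEEP value above are the identifiers you would carry into a hunt. The script below is an added example, not part of the sandbox report: it hashes every file under a directory once (MD5, SHA-1, SHA-256 and SHA-512 in the same pass) and reports which files match the SHA-256 values this page lists for the installer and its dropped files. The hash table is copied from the report; the directory being scanned and the `scan_directory` helper are assumptions for illustration.

```python
"""Hash-based IOC matching against the files listed in this report.

Added example, not part of the sandbox report. It reads each file once,
computing MD5, SHA-1, SHA-256 and SHA-512 in the same pass, and reports any
file whose SHA-256 matches one of the hashes listed above. The hash table is
copied from the report; the directory layout being scanned is an assumption.
"""
import hashlib
import os
from typing import Dict, Iterable, Optional

# SHA-256 values from the report, keyed to the file they belong to.
REPORT_SHA256 = {
    "3f773f7c02cc87805c4c56539f35928b23f16d3665459b7281cbc98353e36ee6": "VirusShare_bcc3da7f11aea7618bfb46acc0d7db40",
    "1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3": "$PLUGINSDIR/aminsis.dll",
    "356dba5db8b7390a7c36333480607da3c2d1c772c9e86aef742c34c98915ebc2": "ffRichMediaViewV1release655chaction.js",
    "3bc009a265691c07613003d4873896ee80a430ad435550329baafbdeefca7644": "ff/chrome/content/ffRichMediaViewV1release655.js",
    "c8cffb5fae340797d43505dd0e628b67c1d3c6bfae9d8c1d0015eea6eeb87c28": "ff/chrome/content/ffRichMediaViewV1release655ffaction.js",
    "63fe7af637b4b05fa44669c34e03b5f6dcbd89fe71064c26d21e84b68f4ea197": "ie/RichMediaViewV1release655.dll",
    "21773005f5bc3622513e412e90511612bb3f15faf21cfb0d81ad5a9509ca5ff0": "uninstall.exe",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hash objects so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, block_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in fixed-size blocks; large droppers never need to fit in memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(block_size), b""))


def match_report(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_SHA256) -> Optional[str]:
    """Return the report file name for this digest set, or None if its SHA-256 is not listed.

    Only SHA-256 decides the match. MD5 and SHA-1 are computed for
    cross-referencing other feeds, but neither is collision-resistant.
    """
    return iocs.get(digests["sha256"].lower())


def scan_directory(root: str, iocs: Dict[str, str] = REPORT_SHA256) -> Dict[str, str]:
    """Map each matching file (path relative to root, '/'-separated) to its report entry."""
    hits: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            label = match_report(digest_file(path), iocs)
            if label is not None:
                hits[os.path.relpath(path, root).replace(os.sep, "/")] = label
    return hits


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, label in sorted(scan_directory(target).items()):
        print(f"{rel}  ->  {label}")
```

`hashlib` has no fuzzy hashing, so the SSDEEP values on this page need the `ssdeep` tool (`ssdeep -m known.txt files...`). They are worth keeping: the second half of the uninstall.exe signature (block size 12288) shares the run `q4OaQQTYJ8eP4/L5uO7D3f5B` with the installer's, so the two would score as related even though their exact hashes differ.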

Malware Config

Targets

    • Target

      VirusShare_bcc3da7f11aea7618bfb46acc0d7db40

    • Size

      657KB

    • MD5

      bcc3da7f11aea7618bfb46acc0d7db40

    • SHA1

      8eb945228c573382fa85ec1b7b47d520ddb5dbbd

    • SHA256

      3f773f7c02cc87805c4c56539f35928b23f16d3665459b7281cbc98353e36ee6

    • SHA512

      4d4252e8ab6a7aedf41fa8575dbc090fb4dff7f40a0a5e09e6db7de23c6db27269fa44163ac077c9cce2c79d0f94898b600856a17d9c6f6271c1ab4beb175349

    • SSDEEP

      12288:5TiL+FmZzG4GQTq4OaQQTYJ8eP4/L5uO7D3f5B2q4GaFQTwJ8ePV/t5uO7ELvHho:5G+AZzG4GQm4OaHYJ8eP4D5uOHBBb4Gs

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as in-process plugins, so a registered BHO runs inside every browser session.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
    • Target

      ffRichMediaViewV1release655chaction.js

    • Size

      859B

    • MD5

      43396e91e720db5de98e7a947c9fe25a

    • SHA1

      0c1614b1609330635f544d8a811542b35360d409

    • SHA256

      356dba5db8b7390a7c36333480607da3c2d1c772c9e86aef742c34c98915ebc2

    • SHA512

      3d79a51ee8a7064eaed0270e3e138ddb6ea4f7d17ef2beb6624c492cbd03fc6966d263416cce5f77a872bcf47374bc4297af5a56d092a65ee8e44df0f5d8d802

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release655.js

    • Size

      762B

    • MD5

      9c001b157a858af4c007fa0e3712c07d

    • SHA1

      f7c006b8bcb5656aaadbbdb561e19243529f5d16

    • SHA256

      3bc009a265691c07613003d4873896ee80a430ad435550329baafbdeefca7644

    • SHA512

      78315c2d42680372f7ef2383136582e2699c85e148ba8a1018303910c23dd8de14def9b1c71fc08badb4111c077a8708a54989f719194962f7a27d4d85842157

    Score
    1/10
    • Target

      ff/chrome/content/ffRichMediaViewV1release655ffaction.js

    • Size

      698B

    • MD5

      7039c88ff9a329b012c68515868baebc

    • SHA1

      f101fa68964de2960aede7f4a3ee1f7aa79c7bfb

    • SHA256

      c8cffb5fae340797d43505dd0e628b67c1d3c6bfae9d8c1d0015eea6eeb87c28

    • SHA512

      2d88da5e5b3f91588f50e4f2f682c46292fde84e2cfa387c48606d2bd3a914b3b4e9c6df999a77529f627ba5d7a0df9234cc54348069f339652208fac696f8db

    Score
    1/10
    • Target

      ie/RichMediaViewV1release655.dll

    • Size

      85KB

    • MD5

      5f8693fdd29cf4e9c0815cb95828b570

    • SHA1

      e578547cb9522c45ee5e43773748accaafa15469

    • SHA256

      63fe7af637b4b05fa44669c34e03b5f6dcbd89fe71064c26d21e84b68f4ea197

    • SHA512

      de18246e1169f3a8c8d99255d0675f205b61ce092b138bfb3fcfd7f2bac6221764c33297334cbf4b444bdc5cb719c031e5085df2730b2dcd33bda16192b6eff4

    • SSDEEP

      1536:hkf9Csc+EE7Msd5N60GlVk8jkrwEnnqLhPLlQzz7NBZ:y9++EEwsJ6FlVEnnmazz7d

    Score
    6/10
    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as in-process plugins, so a registered BHO runs inside every browser session.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      28562b41ac8def457cd2bbc49eb8964e

    • SHA1

      f754bd3c29d1e9f5ec6afcdc42550562e2af014d

    • SHA256

      21773005f5bc3622513e412e90511612bb3f15faf21cfb0d81ad5a9509ca5ff0

    • SHA512

      fea8c5740c737ca1d33056d598f723ca31e38168fb5beefa5e2cdf284e5ecd4f3690632a7723e6b04a3a28256e98d967dae1228e6b79ae5dc53f8598dd3dcb38

    • SSDEEP

      6144:Ue34aaRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmN:Taq4OaQQTYJ8eP4/L5uO7D3f5B0

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
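
Three of the behaviour signatures above (the location check on the installer, the Uninstall-key enumeration, and the Browser Helper Object registration flagged for both the installer and ie/RichMediaViewV1release655.dll) are registry artifacts. A BHO is registered by creating a subkey named after its CLSID under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects`; Internet Explorer then resolves that CLSID through `HKCR\CLSID\{CLSID}\InprocServer32` to the DLL to load. The script below is an added example, not part of the sandbox report: it parses a `.reg` export, resolves each registered BHO to its DLL, flags any backed by a file name the report lists as dropped, and reads the GeoID and Uninstall entries. `SAMPLE_REG` is constructed; its CLSID, install directory and display name are placeholders, and only the DLL and EXE names come from the report.

```python
"""Offline triage of the registry artifacts named in this report's behaviour signatures.

Added example, not part of the sandbox report. Parses a Windows .reg export and
extracts Browser Helper Object registrations (resolved via InprocServer32 to the
DLL), the GeoID stored as "Nation" under the Geo key, and Uninstall entries.
SAMPLE_REG is constructed; the CLSID, install directory and display name are
placeholders, only the file names come from the report's dropped-file list.
"""
import re
from typing import Dict, List, Tuple

BHO_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
UNINSTALL_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
GEO_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
# Per-machine and per-user COM registrations can live under either root.
CLSID_ROOTS = (r"HKEY_CLASSES_ROOT\CLSID", r"HKEY_CURRENT_USER\Software\Classes\CLSID")

# File names the report lists as dropped; a BHO backed by one of these is a hit.
REPORT_DROPPED = {"richmediaviewv1release655.dll", "aminsis.dll"}

# Constructed registry export (not taken from the sandbox run).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\PlaceholderApp\\ie\\RichMediaViewV1release655.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlaceholderApp]
"DisplayName"="Placeholder App"
"UninstallString"="C:\\Program Files\\PlaceholderApp\\uninstall.exe"
'''

Registry = Dict[str, Dict[str, str]]  # lower-cased key path -> {value name: value}


def _unescape(raw: str) -> str:
    # .reg escapes backslash and double-quote with a backslash; undo that.
    return re.sub(r'\\(["\\])', r"\1", raw)


def parse_reg(text: str) -> Registry:
    """Minimal .reg parser: keys, quoted strings and dword values; other types kept raw."""
    reg: Registry = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry paths are case-insensitive
            reg.setdefault(key, {})
            continue
        if key is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = "@" if name == "@" else _unescape(name.strip('"'))  # "@" is the default value
        if value.startswith('"') and value.endswith('"'):
            reg[key][name] = _unescape(value[1:-1])
        elif value.startswith("dword:"):
            reg[key][name] = str(int(value[len("dword:"):], 16))
        else:
            reg[key][name] = value
    return reg


def find_bhos(reg: Registry) -> List[Tuple[str, str]]:
    """(CLSID, DLL path) for each registered BHO; path is "" when no InprocServer32 exists."""
    prefix = BHO_ROOT.lower() + "\\"
    clsids = sorted({k[len(prefix):].split("\\")[0] for k in reg if k.startswith(prefix)})
    found = []
    for clsid in clsids:
        dll = ""
        for root in CLSID_ROOTS:
            dll = reg.get(f"{root}\\{clsid}\\InprocServer32".lower(), {}).get("@", "")
            if dll:
                break
        found.append((clsid, dll))
    return found


def suspicious_bhos(reg: Registry, dropped=REPORT_DROPPED) -> List[Tuple[str, str]]:
    """BHOs whose backing DLL has a file name the report lists as dropped."""
    return [(c, p) for c, p in find_bhos(reg)
            if p.replace("/", "\\").rsplit("\\", 1)[-1].lower() in dropped]


def geo_nation(reg: Registry) -> str:
    """GeoID the sample would read for its location check (244 is the United States)."""
    return reg.get(GEO_KEY.lower(), {}).get("Nation", "")


def uninstall_entries(reg: Registry) -> List[Tuple[str, str]]:
    """(DisplayName, UninstallString) for every subkey of the Uninstall key."""
    prefix = UNINSTALL_ROOT.lower() + "\\"
    return [(v.get("DisplayName", k[len(prefix):]), v.get("UninstallString", ""))
            for k, v in reg.items() if k.startswith(prefix)]


if __name__ == "__main__":
    r = parse_reg(SAMPLE_REG)
    print("GeoID:", geo_nation(r))
    print("Suspicious BHOs:", suspicious_bhos(r))
    print("Uninstall entries:", uninstall_entries(r))
```

On a live host the same three lookups can be made against the registry directly (`reg export` the keys above, or read them with `winreg`); a BHO entry whose CLSID has no InprocServer32 is left over from an incomplete removal and is reported with an empty path rather than dropped, since the orphaned registration is itself an artifact worth recording.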

MITRE ATT&CK Enterprise v15

Tasks