General

  • Target

    VirusShare_a1138f77f3d22b772c1489fa928bd1cd

  • Size

    634KB

  • Sample

    240204-zq6e4aafa6

  • MD5

    a1138f77f3d22b772c1489fa928bd1cd

  • SHA1

    73e0eb8c4af02d396733464e2a28defbf7cc33f3

  • SHA256

    43c6673da1d5f2782d9aa820175debfcfa85db698be5cf943cc1efe64d7d130e

  • SHA512

    900ea5b71d5a9c0d9d615685262963cad5459500bf9f9cbc8a24e711228e0b0a815a69d4c9b38e7b339009433cfeb23aa86ceb6b512076fd3ca29a7c78f2bbdf

  • SSDEEP

    12288:HgplCXG4GjeZHkwuPikQ7lKH5p5H9x1NeZHkwutifQ/lK15ppxlAlft:HgzCXG4GjeZEXi37l6Br1NeZEFi4/lGq

Targets

    • Target

      VirusShare_a1138f77f3d22b772c1489fa928bd1cd

    • Size

      634KB

    • MD5

      a1138f77f3d22b772c1489fa928bd1cd

    • SHA1

      73e0eb8c4af02d396733464e2a28defbf7cc33f3

    • SHA256

      43c6673da1d5f2782d9aa820175debfcfa85db698be5cf943cc1efe64d7d130e

    • SHA512

      900ea5b71d5a9c0d9d615685262963cad5459500bf9f9cbc8a24e711228e0b0a815a69d4c9b38e7b339009433cfeb23aa86ceb6b512076fd3ca29a7c78f2bbdf

    • SSDEEP

      12288:HgplCXG4GjeZHkwuPikQ7lKH5p5H9x1NeZHkwutifQ/lK15ppxlAlft:HgzCXG4GjeZEXi37l6Br1NeZEFi4/lGq

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10

    • Target

      ffMediaWatchV1home775chaction.js

    • Size

      829B

    • MD5

      94e42c0e57b904d363103b7d10468a9c

    • SHA1

      407b0d941e8751330d75dca9cd53439035cf8a6e

    • SHA256

      ee4ba6f39941a50aa807bf35d0dd1fff0984b6833c092e6736a36a7d8e83121a

    • SHA512

      d2a95468911ef250b1d4f23954ebc6c5e96baf6fe0da0a1b6cede68cc4470a89d5733c1529d86646a81105e8fd6e16b5099616089a6aa001c48c71f6dfbda6aa

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home775.js

    • Size

      744B

    • MD5

      a5ab13de584ea38a7e24b6b4256c6b0e

    • SHA1

      cb9127829e947580e67b3651007bfccce0058ecd

    • SHA256

      eea48d8fe5eba56c7d274a81add807f2240056876439623d507804f3be8f6abe

    • SHA512

      0e32503a8e32a92d3a0fdfe94d3be5a5272aeb3e29975e04bc38d37f7929c6cfd1661eaad6a5a1c5f806a995b91444758c9d3e0bbf1b4eaa210d70325487bda4

    • Score

      1/10

    • Target

      ff/chrome/content/ffMediaWatchV1home775ffaction.js

    • Size

      674B

    • MD5

      6ff0df6a3a82ecdc106e366237487bbb

    • SHA1

      0811c5dea5c3fcf6939cda9a2b319e0006e695b5

    • SHA256

      828bbcd90ce5b14f2b347932e20fc11bb6991f47102cfc035e13d28f02d12f35

    • SHA512

      9dd52a799971f324e3f0a005b4c1f836017c4d1bf530d165246f6eb8d700d9ef43daf564ccf07e152e155d1c65bbdd3b1e92a6b3e991eecc6fca5c6be4224b6a

    • Score

      1/10

    • Target

      ie/MediaWatchV1home775.dll

    • Size

      85KB

    • MD5

      7e69b2b23cff0c2bb174cf32cd083a03

    • SHA1

      0b26fe9da40ffa4d26168ac686015cc5d6a61105

    • SHA256

      86bd7c6e350257aaf557427dd17d55a1e1e6ded7f617fb6da108757d6892af34

    • SHA512

      e5fa65d3960fc01da13d5e79c871d02dc795b2439b892498f1b20e7b5726321923b221758176d3d427cf6e24128e0a3fbd44a6be4b920f692d46e38667a767c6

    • SSDEEP

      1536:un/1CsEmkaMAXtahrOb8Dkt00HA9glQk10NF:K12mkaMA9ahrO00guak1A

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      285KB

    • MD5

      3207d52873b2642585d07e5694cf000b

    • SHA1

      5d88a870756e057f3baaed4c723134b6916ba98a

    • SHA256

      35c22db0fa23d25fdac3e647d63cfb2f03fb0fbb2c016eb8519b0ba6876cbb38

    • SHA512

      4c9ed7d94f9969a6343cc853e863c7d05d8f964da20db303bf6a2b4d88b3ad5a1dae514392d05c4b0a663e84e1ff688383900bc7438d765e84081c9644ae6d4d

    • SSDEEP

      6144:Ee34YEpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1S:d4eZHkwuPikQ7lKH5p5H9x1S

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      559KB

    • MD5

      51ba1095f0ae45a2d444bea506cb9ad4

    • SHA1

      038a5d53d055a6d440bd2c8864c2f51db206c5e5

    • SHA256

      b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539

    • SHA512

      f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361

    • SSDEEP

      12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    • Score

      3/10
