General

  • Target

    VirusShare_f2905a442cce406fe902f8f1cd9326e0

  • Size

    689KB

  • Sample

    240204-zqpgkscfaj

  • MD5

    f2905a442cce406fe902f8f1cd9326e0

  • SHA1

    987a246691ec786cd6f4dd2fafbea438d25a757e

  • SHA256

    7625c245fd1542c5f25bf3e5a814750cb04f97c69b21013d46dcda9f551737a9

  • SHA512

    d794ac3e44071c614626cd1998d0bbd183c41861172e00314c631368c3bac8fdad9db08eaeaee9b1a83be7c34bbb8442f8910a2a4b151706a7fdc2d5810bdb0b

  • SSDEEP

    12288:uYkaZyRpeDiBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDkjeKuVmvFb+N8+Lwwi:uYkaZyRaiBG4G37tUnvone83Z76bMHxW

Malware Config

Targets

    • Target

      VirusShare_f2905a442cce406fe902f8f1cd9326e0

    • Size

      689KB

    • MD5

      f2905a442cce406fe902f8f1cd9326e0

    • SHA1

      987a246691ec786cd6f4dd2fafbea438d25a757e

    • SHA256

      7625c245fd1542c5f25bf3e5a814750cb04f97c69b21013d46dcda9f551737a9

    • SHA512

      d794ac3e44071c614626cd1998d0bbd183c41861172e00314c631368c3bac8fdad9db08eaeaee9b1a83be7c34bbb8442f8910a2a4b151706a7fdc2d5810bdb0b

    • SSDEEP

      12288:uYkaZyRpeDiBG4G4Y7jeKuVnvon+N83LwwiAn6KkM33nxDkjeKuVmvFb+N8+Lwwi:uYkaZyRaiBG4G37tUnvone83Z76bMHxW

    • Checks computer location settings

Reads the country code configured in the Windows registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly harvest stored browser data such as saved credentials, cookies and browsing history.

    • Registers COM server for autorun

    • Checks installed software on the system

Enumerates the Uninstall subkeys in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.

    • Installs/modifies Browser Helper Object

BHOs are in-process COM DLLs, registered by CLSID under the Browser Helper Objects key, that Internet Explorer loads into every browser process at startup, giving them access to page content and navigation.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
    • Target

      ffTrustMediaViewerV1alpha6535chaction.js

    • Size

      869B

    • MD5

      388a3538cdd6daf45d9e952c92a92e68

    • SHA1

      eb3b1d14237d43c2275f3de0b31b4ce5ea6b6b66

    • SHA256

      5ffe775eaa159370be6c268fedb5308181998824d69138b5e7384e5ece4cf390

    • SHA512

      b1e73158d65d2094833ebbef9a1806203c0e9b410aeab5ace50c89aa71caadbfc6042939029d0d47594a381d39f187ce784a2bd4b92bdd2a79e4822e5d3305be

    Score
    1/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6535.js

    • Size

      768B

    • MD5

      63a7db3a50aed4270b3373498939c02c

    • SHA1

      9caa532ef18e295474c3dbab08c6fa0519dd5fe5

    • SHA256

      f9462b4de19c44e0be874a27e40c3fbfd56e1a76c119c6e2be18e2ec6e02de2c

    • SHA512

      10916a664d26c02fe343acd3a158e1913e10e5dc6ed2a6141544cda9419b172772ec5fea72403b7e4909c8c731d4b6f5b0f3c5a0976143e64eb184785ed62d00

    Score
    1/10
    • Target

      ff/chrome/content/ffTrustMediaViewerV1alpha6535ffaction.js

    • Size

      706B

    • MD5

      df0e3695702dd6cc3046b9b8461c30f1

    • SHA1

      7c5ddc8ace98dd1df8459685af134d0bf53b71f9

    • SHA256

      93a78cb8b32146e636de1feb5684347421ff485894c5181f3e7d38a4ec269744

    • SHA512

      b40494bc024c6783a5061166e90e162d9102f3da9d6d5ae95cc56cd944d944e74e1a95364fb9a0533114e1c715c848cffa239a624457d180ce081b6a23f42805

    Score
    1/10
    • Target

      ie/TrustMediaViewerV1alpha6535.dll

    • Size

      85KB

    • MD5

      16aadfa137954f30a7e8b59ce52d43f9

    • SHA1

      5b6e2f8b749c9769361bcd1ec0e648687ff40660

    • SHA256

      139b631d171b830adb4d87c01660ba2a5566c056ead7eae453344f11ff746ddd

    • SHA512

      002f40492c4c03beb237db7c7a5ff68abccec844fb2c3ec9a32b65e2d05a9402446509ceeed3c64e8eb5b1438dad338a89488d73c68b4f1be72231902b8c2030

    • SSDEEP

      1536:jpMGCsQis4En/tKx+kNp8DkSj518DOslQsRLYVx:iGais4EnVKx+kNSj5uDrasRLY

    Score
    6/10
    • Installs/modifies Browser Helper Object

BHOs are in-process COM DLLs, registered by CLSID under the Browser Helper Objects key, that Internet Explorer loads into every browser process at startup, giving them access to page content and navigation.

    • Target

      ie/TrustMediaViewerV1alpha6535x64.dll

    • Size

      100KB

    • MD5

      11a64012ba925b104b6827ac3fcec592

    • SHA1

      7ce8aa7b45d2b053d61fb64a544baab98457a2cd

    • SHA256

      525a62c5745f5cb8a88669477f1375ce61a76257db285c75c2023b1714b96fd8

    • SHA512

      b541dad30ab1e2127c76fd94839c83bb5b18c3882c664317846f2373bf0a89ba847ea5ca07a0da2d5bffc5d3545a99752838209332b4f22036857a511be431f1

    • SSDEEP

      3072:CBjCnTZPTGSRzBHsQnTfGNAjYrSWfzQBTSRF94Y:CNCnTZPTGAlHdTONAjN6v4

    • Registers COM server for autorun

    • Installs/modifies Browser Helper Object

BHOs are in-process COM DLLs, registered by CLSID under the Browser Helper Objects key, that Internet Explorer loads into every browser process at startup, giving them access to page content and navigation.

    • Target

      uninstall.exe

    • Size

      295KB

    • MD5

      07aa5e82babfad3b47b27b7be5c9cea5

    • SHA1

      ec9d2ad40ad0fab31ea6e84ca52f95e1420a7c46

    • SHA256

      ed8185baa6b950cf32d352ae7506e677af6c2b6c03598c8fcb7397ce6343db8d

    • SHA512

      7ac5620862cd66669d0087e04dec3efa1888c80ec73d32172cfb6d440a7f3ce77ed2316918bdf615c591bac5c7f619fbf25a5d72204d20a39ef04bae2d91d994

    • SSDEEP

      6144:Ee34NTjKTK0HVkUEYA2q5NbrWN83gQwwDuzMn6yDkvE39kojTxDtEA:YTjeKuVnvon+N83LwwiAn6KkM33nxDd

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly harvest stored browser data such as saved credentials, cookies and browsing history.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      f346047b13f37f79c462e59a6319faa1

    • SHA1

      ce9e7cb9719000a69b463fe024c81229e322279f

    • SHA256

      e78e0e61707cabec8383f1e74da9db8e0fa123a3a7b36f0080d70fbaed6f7453

    • SHA512

      429209cc489ba9ac2d62055b128efb3cded3e31f966c7cdb1aee592ec7a54ab090526705fa2519498d92eb4bc2efa141cd83adc6c251b793388ad1208b172167

    • SSDEEP

      12288:w/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9G/uf:vGnSkWh4G1ppgH81vrBu3MHOGUKfG/

    Score
    3/10
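
The BHO and COM-autorun signatures above describe how the TrustMediaViewer DLLs persist: a CLSID is registered under the Browser Helper Objects key and resolved through HKCR\CLSID\{guid}\InprocServer32 to the DLL on disk. The following script is an added example for checking a host against this report; it is not part of the sandbox output or the sample itself. It walks the standard BHO registration keys (HKLM, its Wow6432Node view, and HKCU), resolves each CLSID to its DLL, hashes the DLL and flags any SHA256 that matches the two IE DLL hashes listed in the report. It also reads the HKCU\Control Panel\International\Geo\Nation value, which is the country-code setting the "Checks computer location settings" signature refers to. The function names Get-BhoAudit and Resolve-BhoDll are this example's own; the registry locations are standard Windows ones. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the report: audit BHO registrations and compare the
# resolved DLL hashes with the SHA256 values the report lists for the IE payloads.

# SHA256 values copied from the report above (ie/TrustMediaViewerV1alpha6535*.dll).
$ReportHashes = @(
    '139b631d171b830adb4d87c01660ba2a5566c056ead7eae453344f11ff746ddd',
    '525a62c5745f5cb8a88669477f1375ce61a76257db285c75c2023b1714b96fd8'
)

# Internet Explorer loads every CLSID listed under these keys at startup. On a
# 64-bit host the 32-bit browser reads the Wow6432Node view.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# The DLL path is the default value of CLSID\{guid}\InprocServer32. HKCR merges
# the machine-wide and per-user class registrations, so both are covered.
$ClsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Resolve-BhoDll {
    # Hypothetical helper: map a CLSID to the DLL its COM server registration points at.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $ClsidRoots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path) }
        }
    }
    return $null
}

function Get-BhoAudit {
    # Hypothetical helper: one record per registered BHO, with hash and IOC match flag.
    foreach ($bhoKey in $BhoKeys) {
        if (-not (Test-Path -Path $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $clsid = $sub.PSChildName
            $dll   = Resolve-BhoDll -Clsid $clsid
            $hash  = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash.ToLower()
            }
            [pscustomobject]@{
                RegistryKey = $bhoKey
                CLSID       = $clsid
                DllPath     = $dll
                SHA256      = $hash
                MatchesIOC  = [bool]($hash -and ($ReportHashes -contains $hash))
            }
        }
    }
}

# Country code the sample reads for its geofence check (GeoID value, e.g. 244 = US).
$geoKey = 'HKCU:\Control Panel\International\Geo'
if (Test-Path -Path $geoKey) {
    $nation = (Get-ItemProperty -Path $geoKey).Nation
    Write-Host "Configured Geo\Nation value: $nation"
}

$audit = Get-BhoAudit
$audit | Format-Table -AutoSize
if ($audit | Where-Object MatchesIOC) {
    Write-Warning 'At least one registered BHO matches a hash from this report.'
}
```

A BHO whose CLSID resolves to a DLL under a user-writable path, or to a file that no longer exists, is worth a closer look even when the hash does not match: the report's uninstall.exe also carries the same NSIS plug-ins as the installer, so a "removed" package can leave the registration behind. For a host that has been rebuilt since, the same keys are the first place to confirm the persistence is gone.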

MITRE ATT&CK Enterprise v15

Tasks