General

  • Target: VirusShare_eec03ff65f887e6fc5867d1d18833a08
  • Size: 634KB
  • Sample: 240204-zqwwnaaeh6
  • MD5: eec03ff65f887e6fc5867d1d18833a08
  • SHA1: dd906559d6c553ade318ad6d4630532a28e8b374
  • SHA256: 345df3a18c018111e4e318b2f2f3f68bd3b5dec5357734776905f5420e01fe02
  • SHA512: 8b36d225cfc3a8df12388444f00fb10d31fe022bf42e7698d7203ebc09ba8cda7aab92d2a90b8f7fe10d0c152bda090c47e8e040a07b5bd4e088a9b297bb4b80
  • SSDEEP: 12288:RAHQgd3CG4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuziDQBlKR5psxjlfm:RYd3CG4GjeZEXi37l6Br1SeZEriMBlmf

Targets

    • Target: VirusShare_eec03ff65f887e6fc5867d1d18833a08
    • Size: 634KB
    • MD5: eec03ff65f887e6fc5867d1d18833a08
    • SHA1: dd906559d6c553ade318ad6d4630532a28e8b374
    • SHA256: 345df3a18c018111e4e318b2f2f3f68bd3b5dec5357734776905f5420e01fe02
    • SHA512: 8b36d225cfc3a8df12388444f00fb10d31fe022bf42e7698d7203ebc09ba8cda7aab92d2a90b8f7fe10d0c152bda090c47e8e040a07b5bd4e088a9b297bb4b80
    • SSDEEP: 12288:RAHQgd3CG4GjeZHkwuPikQ7lKH5p5H9x1SeZHkwuziDQBlKR5psxjlfm:RYd3CG4GjeZEXi37l6Br1SeZEriMBlmf

    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.
    • Drops file in System32 directory

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10
    • Target: ffMediaWatchV1home575chaction.js
    • Size: 829B
    • MD5: 29e481998523b8f2a296f840aa2f7ec8
    • SHA1: 62bc3755f64a2ff4b857dc49549e1dd13ec6e09f
    • SHA256: 26d2746ab746e9d936f066145e38857051782263f9951b225376dc67e81586f9
    • SHA512: 41a9337f96bba6c321e1c51d9adc71796076c4c1ffe0ac3714d8739dc2ade034b52277ab9265581aa997c104f86dacf25c57a1d065f9f0628196509844145caa

    Score: 1/10
    • Target: ff/chrome/content/ffMediaWatchV1home575.js
    • Size: 744B
    • MD5: aa71a7862d193ce48644d540d5af6707
    • SHA1: 27cb3d34efe4b69e147eebd758a733f31323d46b
    • SHA256: 8164d33486fdd75374d29e200ab5a8a4a0e5d708ffcc921bb5cb87c2474be76d
    • SHA512: ea2a60dcb1de3b1a03a6557be02330abd27ac530392ec23cdfc834294b857628b12f439753d0c6d352a2780958e295e38cb5bc3e815ba1cbef71b6c6d1b98fda

    Score: 1/10
    • Target: ff/chrome/content/ffMediaWatchV1home575ffaction.js
    • Size: 674B
    • MD5: 2c2976a346f5686e8de9e7dbf0b1e5fe
    • SHA1: d8723165ce14b9e9a3bef9cd115c5e887a300980
    • SHA256: 2bae4a7dc778f1c372572e7660fbc2a56e762e749cd5d994c52137fcd8214b95
    • SHA512: 95f031ec064902abb305745008436edb3386fd5a6f0584ac49eb1c9d1c2131ed89948c3c9f2aae3cd830c6ef0cc3bd87bd15ad7d19a113f709b12e88ec86b5f0

    Score: 1/10
    • Target: ie/MediaWatchV1home575.dll
    • Size: 85KB
    • MD5: 9d4d4a1b5e7fac8aa3c67508befb496a
    • SHA1: 634d3e7ef66e43a9ab6e27af9152ffc131491e3f
    • SHA256: 3f0eb7a81578671343d9d773f6edb3b99be98800e6bfd3f770914677a4d8a629
    • SHA512: 9bb49cb5852fd3aa141ac74ec7acccc4fbc7e57c59c460ff4f2bb6ebd24d3f296ed9f9988b069eb15daf11cfec145b46160a03c13b8e4aced9d7f243b3526216
    • SSDEEP: 1536:Zn/1CsEmkaMAPtahrOb8DktbTHA9glQnBiS31:512mkaMAFahrObTguanBi0

    Score: 6/10
    • Installs/modifies Browser Helper Object
      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target: uninstall.exe
    • Size: 285KB
    • MD5: 8f38dc0367e9c62b9c89f0e38dacfd21
    • SHA1: 79bbcc3731be60a14a138f98647fd6b9c9d0b591
    • SHA256: 8fe994e2359ee4c51116ea5465f2069c1a2a58c0821fc35dc244e412f8ff31b7
    • SHA512: d3b404bdc521cf85efa0ad69e8dcfc9a8ff3f13391bc4c301c394493e4898d39a7b1835d59e2b42a9a91b3081d04bdb39216bb001d9a3c61bee81e173f09b2e6
    • SSDEEP: 6144:Ee34yzpeZH+zpyuuz6GZkDOJ/7OafSH5KmrWym09x1f:DdeZHkwuPikQ7lKH5p5H9x1f

    Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: $PLUGINSDIR/aminsis.dll
    • Size: 559KB
    • MD5: 51ba1095f0ae45a2d444bea506cb9ad4
    • SHA1: 038a5d53d055a6d440bd2c8864c2f51db206c5e5
    • SHA256: b620091bf9973e807e12155d2247a6d233b5d13ec38c426675470ab4b26f0539
    • SHA512: f5fe2dd0f19bcaab47540ceedbec71f7f7c5b833c8772c097594c458e5f1101fe9feb849812b65c175055f71dfb13f11c4ad94fef42cd66f247413e453de3361
    • SSDEEP: 12288:kbdmSvBuSrDWoN/8Z+iZz2ULoygI/htZw3EKwcxi0T8NGAmN:bSvBuSG7+iZz2ULoyXZzw3E2tT8UAmN

    Score: 3/10
