General

  • Target

    VirusShare_35e3931741a01cd09ddb94ec0be0737a

  • Size

    657KB

  • Sample

    240204-zr7pjscfdq

  • MD5

    35e3931741a01cd09ddb94ec0be0737a

  • SHA1

    b9707a6e202bed72108f76ae49176d56d6538cfa

  • SHA256

    86a060861af903a9980f3ee1e65c85bf29e2a2e0159dfee341ebebfd27c2135a

  • SHA512

    b93f53095de5b1f80c5e69ae8f64ee79a3fb875969a659937d4e42b091a7c572575820b817333cb668ec3ccf851ddad4358d7b3122684b78919d2df6964a505b

  • SSDEEP

    12288:8CDgrnAj++G4GQTq4OaQQTYJ8eP4/L5uO7D3f5BOtq48aLQTkJ8ePv/r5uO7vU2c:8xnUdG4GQm4OaHYJ8eP4D5uOHBBOQ48F

Malware Config

Targets

    • Target

      VirusShare_35e3931741a01cd09ddb94ec0be0737a

    • Size

      657KB

    • MD5

      35e3931741a01cd09ddb94ec0be0737a

    • SHA1

      b9707a6e202bed72108f76ae49176d56d6538cfa

    • SHA256

      86a060861af903a9980f3ee1e65c85bf29e2a2e0159dfee341ebebfd27c2135a

    • SHA512

      b93f53095de5b1f80c5e69ae8f64ee79a3fb875969a659937d4e42b091a7c572575820b817333cb668ec3ccf851ddad4358d7b3122684b78919d2df6964a505b

    • SSDEEP

      12288:8CDgrnAj++G4GQTq4OaQQTYJ8eP4/L5uO7D3f5BOtq48aLQTkJ8ePv/r5uO7vU2c:8xnUdG4GQm4OaHYJ8eP4D5uOHBBOQ48F

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release1021chaction.js

    • Size

      864B

    • MD5

      6d036764ba743c118e7b2b3624b2b1b3

    • SHA1

      5e078e67eb725f8edc9553c76980574eef0c8f24

    • SHA256

      7d979dffb8a9b70ac8527d7118fca1531a47c7f90790b1dfa5893dc6731374f1

    • SHA512

      3fb3ffcdd8e14d0056163e8c46c6a7c266c0ab3cb28a1b6376827469bbfa7dd73f16d8c8eb3a9dacf1daf3be1167bdf963b3ab53d6c1b992680155a395299da0

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1021.js

    • Size

      765B

    • MD5

      d19162e40a709d3df46ca304ef5be8ce

    • SHA1

      024ddcb0814802338f88ae0a3e45fe139a49e71e

    • SHA256

      af5cc95c7110e9aa9dd82a3eab373175c112d4eaafd21b385faf18cdb93d15fe

    • SHA512

      27ea0c23ad1fdfd89b32050419f35148d88d10c929b267c3de955448a058e6acb322ab0624dcc3d5f670f09f787c82242f1df3eeb7a621f0e433b1a56afd7960

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release1021ffaction.js

    • Size

      702B

    • MD5

      48d8a7ef886fbcec95ba657da8dddf73

    • SHA1

      176f406740061b8589df5c32be461cb802ab9aa2

    • SHA256

      6bfd4146274a0aa2ac79532fe5d40780004e1c2748e3bd63d905a03dca0ebe7d

    • SHA512

      aeb26630da4751b1f6d6a84d2913e6142f0b556d25d56ffd2550f636480b8c6c7dd4a9d2aeef492512ac2c8ec4e3a720cb78eb3d61290a4fc25991195ffed0d1

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release1021.dll

    • Size

      85KB

    • MD5

      53d65ea49f2bbd4d390f0b950bd136d0

    • SHA1

      de8b0a45b7943608568db6446aa4a56b9e3ef2fb

    • SHA256

      6ac0efff3d7246ad4a1d05e2ddef18e91aa035f3d98a42f81c496f50d637f873

    • SHA512

      b6e2d22a40ebc9f1098be2f50ae4c838366dfb8eebf461dcc065af4582a2c8c11a341d1ccb557c0dc6e2810ca29544922841ce002fa330e5ad7150ae3eb36e40

    • SSDEEP

      1536:EhMWCsgyMIwPnt6hp1ZcTkrCnkCTfLlQ/vEKS:JWKyMIwPt6hp14kga/vE3

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      faf5fafa5170cbf3dfefb48b76b91a4f

    • SHA1

      4043e9664c1de68b26931dcec8ebf5c9ac48ce34

    • SHA256

      f37efc6183d5d44251199ebf152988a66a09a1eb6f1851516cde4cb84cdc59f1

    • SHA512

      fa8ac37402a0b4a3829408b2ccec03ef0511b4989a440258afd4773b2a9cc1c75c9968b98dba40db11bec84e0844fb18ceb210c25d8c5414f19d1394061835a4

    • SSDEEP

      6144:Ue34b5CaRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmA:q5tq4OaQQTYJ8eP4/L5uO7D3f5BR

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks