General

  • Target

    VirusShare_c0f333c61c254abb9376221793b1d959

  • Size

    657KB

  • Sample

    240204-zsby9safd4

  • MD5

    c0f333c61c254abb9376221793b1d959

  • SHA1

    bd76bdac130b1012274cf028d969ff2d9a723585

  • SHA256

    37ab3f2f522c6675c8a2f3d043bea79789127f3b3d0fa508f3bca71980406d15

  • SHA512

    90ac681f23725e7fe7a2451617910aee573ac66c7a2c31781a288ca80d5f4af9bb30f90bec57846ed3fd25fa522beb45bec287bd930124b853bb85173580d06e

  • SSDEEP

    12288:f7d1Qd/4G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bmq4IalQTSJ8ePt/t5uO7EU26qBu:f7cl4G4GQm4OaHYJ8eP4D5uOHBBL4IaP

Targets

    • Target

      VirusShare_c0f333c61c254abb9376221793b1d959

    • Size

      657KB

    • MD5

      c0f333c61c254abb9376221793b1d959

    • SHA1

      bd76bdac130b1012274cf028d969ff2d9a723585

    • SHA256

      37ab3f2f522c6675c8a2f3d043bea79789127f3b3d0fa508f3bca71980406d15

    • SHA512

      90ac681f23725e7fe7a2451617910aee573ac66c7a2c31781a288ca80d5f4af9bb30f90bec57846ed3fd25fa522beb45bec287bd930124b853bb85173580d06e

    • SSDEEP

      12288:f7d1Qd/4G4GQTq4OaQQTYJ8eP4/L5uO7D3f5Bmq4IalQTSJ8ePt/t5uO7EU26qBu:f7cl4G4GQm4OaHYJ8eP4D5uOHBBL4IaP

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    • Score

      3/10

    • Target

      ffRichMediaViewV1release114chaction.js

    • Size

      859B

    • MD5

      9dfc283e0f30485b2f74aa49dde50e13

    • SHA1

      d59c02442a73d1cd602ecd1feba649f11b4d6351

    • SHA256

      20f9497bbb83be0b0ff5c3d88da75cfab31b2d15b9ba03ccd2fe5034ab232867

    • SHA512

      03bea35c6b4f30d72f8c8da34ebb846f0db42a861a22e4ac6afa3ebd341d717894bde4b36c68020ee499e8237fa710b7b9c0fb90e4f460f29e4690bc9db01cf5

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release114.js

    • Size

      762B

    • MD5

      274236c90c0b1e06845de9687248f384

    • SHA1

      c3bb10f9855032ba7105f0e086200462329559ee

    • SHA256

      46d57cd33f8f972f0e48cc6d23e7c9f104bf63c9d93de8d946cd7bb55e1046c1

    • SHA512

      d5d368c3786070bd2d6ff158ab1bf3b50260e4e5120ddaa7b5145356d20266fd172429d366e57f7957296b57e5bddecefdc4007dc0b40a4aca59d92a209597f0

    • Score

      1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release114ffaction.js

    • Size

      698B

    • MD5

      775846e7353df690ea6e4a5c3a02fa6f

    • SHA1

      cd620d5cae0bca86ab716bd46442a503d1f21087

    • SHA256

      f4ed8b919b9beb0b4e8274007e28ea67a8dcdf07a9927a0a370780a99e40248e

    • SHA512

      3b67224ddc115a02e6407dff92e761ccf66b70a7c234dd134319210ff1ae13c838a5e6c1dcaf01927e8c8342f38290158b9784e5e5398d70b1a0f5892308f6d3

    • Score

      1/10

    • Target

      ie/RichMediaViewV1release114.dll

    • Size

      85KB

    • MD5

      0d4a2b9f7e099f2a7f5bc18cabd5a0a6

    • SHA1

      c2988b54442f6295fb91e52e7398ba2e2cfd6ee0

    • SHA256

      fd91819eba361abe481d579866b4a7a43dcb396cecb03c434f85f3c8f653c4a4

    • SHA512

      9c50c8619fd7df35a5c80750338f6f654f2383c92b2d11eefe935e9124574ddd83628cde0cdbafede6dd3f2da2ac5dcbd95b059513e4fea166c2c99a7a90dbd8

    • SSDEEP

      1536:Fkf9Csc+EE7MsV5N60GlVk8jkrwAHnqLhPLlQETktBZ:W9++EEwsR6FlVAHnmaETk9

    • Score

      6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      9a871b023553154f63f4af1bae5fbe37

    • SHA1

      39db5b0c004bc84100b5ca3da0f89785591ee537

    • SHA256

      4cd8682ad0ea720e8d8504c4be3829499939df480e9c9bf751130debc4cabcec

    • SHA512

      96125b52acc280cafe0f45d1717e3c25c3593f5f73c816b0ff555e864312ecf6e4603da3e557ee47a504d05821147459fe70a23dd1989814057e561da2b3d76c

    • SSDEEP

      6144:Ue34QBRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7BmI:dBq4OaQQTYJ8eP4/L5uO7D3f5B9

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
