General

  • Target

    VirusShare_cbefe1d3aa7d9666d39f097158aa448f

  • Size

    657KB

  • Sample

    240204-zvfp8sagc4

  • MD5

    cbefe1d3aa7d9666d39f097158aa448f

  • SHA1

    d63b4190b399a3bb72e0f24285da17f53c98bdba

  • SHA256

    74e917a42bd795d8f374b6c812252d74f4ba6033e6039ecc544dc92619af7dc5

  • SHA512

    c39f70418bbb5a8d3170787580e51736d2a978da9235937a0c3e14aff24948a80cbd5abf221ba80674207e1a66586547f9d12c107587b21e65a9515c701d33ae

  • SSDEEP

    12288:W0I1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5B/q4ca7QTgJ8ePN/P5uO7GLvHfAS:W0I1G4GQm4OaHYJ8eP4D5uOHBBi4caiJ

Targets

    • Target

      VirusShare_cbefe1d3aa7d9666d39f097158aa448f

    • Size

      657KB

    • MD5

      cbefe1d3aa7d9666d39f097158aa448f

    • SHA1

      d63b4190b399a3bb72e0f24285da17f53c98bdba

    • SHA256

      74e917a42bd795d8f374b6c812252d74f4ba6033e6039ecc544dc92619af7dc5

    • SHA512

      c39f70418bbb5a8d3170787580e51736d2a978da9235937a0c3e14aff24948a80cbd5abf221ba80674207e1a66586547f9d12c107587b21e65a9515c701d33ae

    • SSDEEP

      12288:W0I1G4GQTq4OaQQTYJ8eP4/L5uO7D3f5B/q4ca7QTgJ8ePN/P5uO7GLvHfAS:W0I1G4GQm4OaHYJ8eP4D5uOHBBi4caiJ

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10

    • Target

      ffRichMediaViewV1release366chaction.js

    • Size

      859B

    • MD5

      cb2ce344a943cb37e8114a0f35af6f0f

    • SHA1

      48ab451e6a9b20e6ea0a32273a9085c77f8029c8

    • SHA256

      55a8f6c5d94be4e837b1f8bf230b34ee2c44437d85df18dc307969ff3376f5d2

    • SHA512

      129092d222e17d213583c6ba789972533f08cd43aecbe37cf5f30e90a32c082628896505f8e179b038ab5be5f4a953f42e79dae81dbea07a42c23d1c75b4e059

    Score
    1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release366.js

    • Size

      762B

    • MD5

      a07b29e77e61784bf634a48c8f944cb7

    • SHA1

      3f2f397b58960252dd9dcedcf74157d3e7dcb40c

    • SHA256

      f2bdfae66d6ce36869f737eba3c20da4cc3dc228d9d3879b3c024cc0cca1c97a

    • SHA512

      5e7e28a095a528b5a49760b5f503cd2d937577cdd8974b4be1bcbda3ade50cab999a43b65049509e61156c1ab51811735c16d82e17fdb9af6cdde2fbc237808b

    Score
    1/10

    • Target

      ff/chrome/content/ffRichMediaViewV1release366ffaction.js

    • Size

      698B

    • MD5

      e9629c24ed628d4e7de12e20dcbc3ac6

    • SHA1

      f50907e0dab30c7718e8930b12f11344c30fd970

    • SHA256

      234e65a76149c7eb2ec5f5dd508e0ca8f1c285d58a71cc215535875b2438fc1e

    • SHA512

      302f55bded6757219aeba00ce163700e0daaeba4ab78e2094526226437c52edafc66a7bad93fc1c1bfbaaf8d30d95e217e8f30dcd4a802e7befd3541d8eb694f

    Score
    1/10

    • Target

      ie/RichMediaViewV1release366.dll

    • Size

      85KB

    • MD5

      28e6cbc486fb1cf65c40ef6c24fd7509

    • SHA1

      c3b12b86ac90da32f6a0b7376fe64cde75c95b02

    • SHA256

      794177cf8cd4d280e6319d1cffb3754b99d6ac55773f41e0120a3600456e6330

    • SHA512

      0eea25cb16fd265c6e92fc89322018dfce53a2621d95629ff28e7bafdb53d000887b2b2830caba526f21d3b4225603d130f9700e2c9b14b6a6977e20900b244d

    • SSDEEP

      1536:ukf9Csc+EE7Mst5N60GlVk8jkrw4mnqLhPLlQJV1NBZ:B9++EEws56FlV4mnmaJV1d

    Score
    6/10

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins.

    • Target

      uninstall.exe

    • Size

      289KB

    • MD5

      f9b7868a5903b13c0c924806acfb8607

    • SHA1

      f2833bd49874050e0e57bf3875ddb0a8a2f7f1ba

    • SHA256

      3eba17c172555d0d627ca384ae83973924f0348e535d403d3b0d97d1b52b8c16

    • SHA512

      6a061a81ef813bbd6d2e649ee4ac000afd3a6c8f516171b030db689c5b0da99033e2b314f38432057183dec777541267b11eb3aae302c1891ff33eefdecb4997

    • SSDEEP

      6144:Ue34FaRg4l8ai5PQtTZ763J8eWW43YLYjn5uO7D32fuCa7Bml:Iaq4OaQQTYJ8eP4/L5uO7D3f5B0

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Target

      $PLUGINSDIR/aminsis.dll

    • Size

      567KB

    • MD5

      450753ad96785a240a39deccab3af0d0

    • SHA1

      21c544064d2ffa6444508268ce258a330d459fc5

    • SHA256

      1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3

    • SHA512

      c41b834f4228b7668316095569c836b4e0d55c5fbf310c65b0e0453ef0e74a3ce8f9357cea90b80f6590f85dd7708eeb4eec27518811ea4aab20c0e7f5643dab

    • SSDEEP

      12288:i/x6GnSkidh7NfMc4G1ppgH81vrKiuu+PUHOGcl5Sbl9B9GUdL:9GnSkWh4G1ppgH81vrBu3MHOGUKfGU

    Score
    3/10
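
Checking a local copy of the sample or its dropped files against the digests listed above, as an added example that is not part of the sandbox report (Python, standard library only). The keys in REPORTED are the report's own target names and the values are copied from the hash lists above; the byte strings used for the self-checks are constructed and are not the sample.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Optional

# Digests copied from the report above for the sample and three of the files
# it drops. Added example for this page, not part of the sandbox report.
REPORTED: Dict[str, Dict[str, str]] = {
    "VirusShare_cbefe1d3aa7d9666d39f097158aa448f": {
        "md5": "cbefe1d3aa7d9666d39f097158aa448f",
        "sha1": "d63b4190b399a3bb72e0f24285da17f53c98bdba",
        "sha256": "74e917a42bd795d8f374b6c812252d74f4ba6033e6039ecc544dc92619af7dc5",
    },
    "$PLUGINSDIR/aminsis.dll": {
        "md5": "450753ad96785a240a39deccab3af0d0",
        "sha1": "21c544064d2ffa6444508268ce258a330d459fc5",
        "sha256": "1c371dcc6c3428ea98fb0d2dcb612b4ebc731f3ed72e683c8e33058cd2a952d3",
    },
    "ie/RichMediaViewV1release366.dll": {
        "md5": "28e6cbc486fb1cf65c40ef6c24fd7509",
        "sha1": "c3b12b86ac90da32f6a0b7376fe64cde75c95b02",
        "sha256": "794177cf8cd4d280e6319d1cffb3754b99d6ac55773f41e0120a3600456e6330",
    },
    "uninstall.exe": {
        "md5": "f9b7868a5903b13c0c924806acfb8607",
        "sha1": "f2833bd49874050e0e57bf3875ddb0a8a2f7f1ba",
        "sha256": "3eba17c172555d0d627ca384ae83973924f0348e535d403d3b0d97d1b52b8c16",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Compute every digest in ALGORITHMS in a single pass over the stream.

    Each chunk is fed to all hashers, so a large sample or a file on a slow
    evidence mount is read exactly once.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return digest_stream(io.BytesIO(data))


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdicts.

    Hashes pasted from reports arrive in mixed case with stray whitespace, so
    both sides are normalised. Only algorithms present in `expected` are
    checked; an algorithm missing from `actual` counts as a mismatch.
    """
    return {
        name: actual.get(name, "").lower() == value.strip().lower()
        for name, value in expected.items()
    }


def all_match(verdicts: Dict[str, bool]) -> bool:
    """True only when every listed digest matched.

    A partial match (MD5 agrees, SHA256 does not) means the file is not the
    reported one and must be treated as a mismatch, never as a pass.
    """
    return bool(verdicts) and all(verdicts.values())


def identify(actual: Dict[str, str]) -> Optional[str]:
    """Return the report entry whose SHA256 equals the computed one, or None."""
    for name, expected in REPORTED.items():
        if compare(actual, {"sha256": expected["sha256"]})["sha256"]:
            return name
    return None


def verify_file(path: str, entry: str) -> Dict[str, bool]:
    """Hash a file on disk and compare it with one report entry."""
    with open(path, "rb") as fh:
        return compare(digest_stream(fh), REPORTED[entry])


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            digests = digest_stream(fh)
        print(path, "->", identify(digests) or "no match in report")
```

Run it as `python verify.py <file> ...` to name any file that matches a report entry by SHA256; use `verify_file` when you want the per-algorithm breakdown for one entry, and treat anything other than an `all_match` result as a different file.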

MITRE ATT&CK Enterprise v15
