General

  • Target

    a124647617b598e1bf34fe07770d0d6b1a9aab8aa5167949b9693d16046bc291N

  • Size

    1.1MB

  • Sample

    241021-jlmjesxbrm

  • MD5

    395feb0db0a8204d4eb9206873b7f9b0

  • SHA1

    0474219d57e3410906ca5cf27f363eff8db1e3c5

  • SHA256

    a124647617b598e1bf34fe07770d0d6b1a9aab8aa5167949b9693d16046bc291

  • SHA512

    56eb5b7a440215675a338c9e24422d17642a339410662ffb538f16b3406eb55376009115164f7e842166aa98ab9e3f9af9917268a705e74d542c65116f2e204c

  • SSDEEP

    24576:qVOYQIRPK/Z1DFc/nGKDzyZZ2eYvgNgS1GoElig44vIPybuioo:sUD0Gmy/2eelS1pvY7iioo

Malware Config

Targets

    • Target

      a124647617b598e1bf34fe07770d0d6b1a9aab8aa5167949b9693d16046bc291N

    • Size

      1.1MB

    • MD5

      395feb0db0a8204d4eb9206873b7f9b0

    • SHA1

      0474219d57e3410906ca5cf27f363eff8db1e3c5

    • SHA256

      a124647617b598e1bf34fe07770d0d6b1a9aab8aa5167949b9693d16046bc291

    • SHA512

      56eb5b7a440215675a338c9e24422d17642a339410662ffb538f16b3406eb55376009115164f7e842166aa98ab9e3f9af9917268a705e74d542c65116f2e204c

    • SSDEEP

      24576:qVOYQIRPK/Z1DFc/nGKDzyZZ2eYvgNgS1GoElig44vIPybuioo:sUD0Gmy/2eelS1pvY7iioo

    Score
    3/10
    • Target

      $PLUGINSDIR/HTTPHelper.dll

    • Size

      48KB

    • MD5

      b11d158be8a3b8932e63a22af502be76

    • SHA1

      48f244148e48fe7c5912dbb86a0e0ed9bb089c22

    • SHA256

      94f3dd6cb7ab6735afc1752b237462eb5722538c615c82f416ab6b5b485a33ee

    • SHA512

      1ff76bab85950bc711b6c0fb4222255eff677512ae0c0d8b4531fdae8f9726cea17aec9056e4bf9404217003f0ebe3e404272461b66a06751d270a3ca7b64b15

    • SSDEEP

      768:Xd0otXWqIYT3nMHoZqcxZTmXOMesGNijpGTKPIDA3ojWjtb:tgm/zTmXwsGNi1xo0J

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      43KB

    • MD5

      4a9319a0d4ff15bc373759e21bdd6143

    • SHA1

      319ac86ea2e9fce24987c6b0c5077aaee2590f1f

    • SHA256

      cc1d7c5cd40a9edf23e0ecd560d0d96127dd5e41b7b6c89b356c2ec87d309d30

    • SHA512

      3f3210dbd47cc36dff65e9fbef8dbadfbf4ff956e37e1b4be60336f70e969d4ad37f79d5162cf1050422b89ddb7f88f9343d0db7c99aff114dad4408bb53e8ef

    • SSDEEP

      768:uD9UAwOl2z8xfTqdLvZtCsJoiE8Td1pJSa5qvI:uD9M98YzZtCsRxTvH5

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      a78507ea1078cadaa8b2ec1a2e1d874f

    • SHA1

      77fe20488444ebbaafc5b2c0743251a94edc3b8e

    • SHA256

      93d1e681daebfd24ff9fab3952e8ae94eddbdfb3650937988c1fd8085991610e

    • SHA512

      0399452c7305f23576d4175ec198ad8da8a530215e9304632b20bcb41a38fa0ba2c1c0b0b734b9f887851c92c7f2cf4cdfad403ace84e63318c0694402e1f270

    • SSDEEP

      192:8trS5c+oKreH53n2fUC1lfeTf9OJCzD4/IVqh88GrgU6H:/jrd09O3/IcG8U6H

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      bcec2a6095d38abc192a68d094c302d0

    • SHA1

      9e88c5b957b45524690513b75d81dee259d5d599

    • SHA256

      446000200eff4f9c20761ce1680902daba190c81a57154f4917b1741d7800e3c

    • SHA512

      b48e85a17904a104eef573358763a0b1215eec96f72f83ff544d2dab22737bc42411ca505adf3f7e95c6f7e7997ad3e408f258093727105b678d5eee8d8e6278

    • SSDEEP

      192:mNnXQprEE3vHosEWFt6F5SLdn93YUCzj7qUFVWsSCDLjcOq98sswY:WnXQphvHJFoFe93D2xVWsSCHZq98FwY

    Score
    3/10
    • Target

      ShopAtHomeToolbar/ClearHist.exe

    • Size

      52KB

    • MD5

      f61af33629d6d08fa6937e2192724244

    • SHA1

      d447eedc7f9dcafba762a987a83d89a461d86db4

    • SHA256

      402a44bdc002d44be6c90cbb1b94c7a356a7336f2b01d946cd0875c08820c6a5

    • SHA512

      bb0ab785bc0bb9be29c07a931d8226dce4908b4d8824d51672c9239a2cbf29b20e0e41e11cefff895a88e380e84a29aa338619a1db4c1bbbd4e633482ed3f06e

    • SSDEEP

      768:ol1vhK/3805xxnCjNGSD35ArbhNmkVKJjn2LEDiPNmuIJo6PMYY:AvhKXzxqGI32rtAkI+VISYY

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ShopAtHomeToolbar/IE8GuardWorkaround.exe

    • Size

      106KB

    • MD5

      f8015e5404c8f0b325de68dc56acd05d

    • SHA1

      0c18d61abcc022bbc32cf45640105f1cd3c79204

    • SHA256

      b9370f9f974cb5a58538679dde7e8b44035b713df6f0d8f7ee7cf840a4a3e06f

    • SHA512

      42989eb292d77591cc7539c95a1e86fabc336a9455faae0c6724752e9e4f8eb97ce03e7a50c089d57114dfb667a763002152f7bd4b65e4f91e4fff202c139844

    • SSDEEP

      1536:gMAZXpGCWLsKflkkAp03y0bWVrgIp65ohg:/bBAp03yqWVkIp6u2

    Score
    3/10
    • Target

      ShopAtHomeToolbar/SAHPlugin.dll

    • Size

      98KB

    • MD5

      6542c94933480bd2683082821a771218

    • SHA1

      4129184120953f938ebb8f31d9338a02f47f6252

    • SHA256

      4e698090b67a4459ac0078ef071b256e1fffc1370b5b8d0656d5a12356ebdebc

    • SHA512

      f6736ab3455c3ec9adcaacf805db524abd0e9c8fce0a8c05e69572efc0a6a6249f42520e9bac48df35eb1aebd813c3a483d1b379066b7ec25a87292ee55f4155

    • SSDEEP

      1536:B1EI9jKXzPZv9HNuQ3ohyZQrp0qYKbSwxdI0BkVOgkjHbWL:1W9QQY8ZQrWeSwdSJkjHU

    Score
    3/10
    • Target

      ShopAtHomeToolbar/ShopAtHomeUninstallA.exe

    • Size

      270KB

    • MD5

      532f3a046ffdb855dd6bbc275373cb9c

    • SHA1

      5c1ae277e0992dc21ea8c004ccec86f2da205f6d

    • SHA256

      784e623ceebb437ebb2d8ee292c9f1d43b89c59b7a73bd4e4ddb1df4b1d26cbd

    • SHA512

      597d639f086e452549810b984ac5d325ca7972ae02f81293ae1ed68726d5555b20567b643a6d17bbccadaf4be5d759884a352f1724e918a9a1f4c6b1d3a8f576

    • SSDEEP

      3072:bZsKZzUbT6oWFCJ/jnRpqPe/Nc36bSgk9tRGJfRr:bZfUXxVLRkPwwh9tIfx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      ShopAtHomeToolbar/TbCommonUtils.dll

    • Size

      115KB

    • MD5

      e42e3ff4dc76338e9a87b9602e055e0c

    • SHA1

      7acf12925b4cf1c94115636185c1968332eee389

    • SHA256

      3c870a9fcf250d30231e76b5896b3cb71b3084e9e6e703a7f9fb64d074d1a958

    • SHA512

      147103a10ba70396241f4254f900eb63dd4c38a76d3e0b2ae440bbd434efa9a07871c4964dc47cbc8a9f94f18f011c47328d2319bc6d4dad37897f01363b7a20

    • SSDEEP

      1536:q0x9icpvx2eOt7RMxecZofwYkj9YDNoQCTlnk4E8w0Vi6Ii:h6Ko3XDfwJYDNoQ2lnk4EjIi6D

    Score
    3/10
    • Target

      ShopAtHomeToolbar/TbHelper2.exe

    • Size

      197KB

    • MD5

      6ca9d05fd40e8318e88897d65b88f534

    • SHA1

      5f26fe6ec6e393bc181bc430fa4f2e791f9106d3

    • SHA256

      d9f229a593fbb0f9c63d9682ccfa749d66fe5d8eba3b049658728f2da418605d

    • SHA512

      2fff75288797a2ff4441b2d90b7ceab8ef73ef90d78d6bdc65a47b0de5101c08d8a242c2240a02e74db9ae3aa4f8f0fcbcadeb6f7a7a475fe6a0a6ba66afe823

    • SSDEEP

      3072:5sqoPc+cryKikjBJ6lgfWHzWZw1QDVbBAjLnD5p3E:e3PPcikjBgHzSw1VfDnE

    Score
    3/10
    • Target

      ShopAtHomeToolbar/tbcore3U.dll

    • Size

      2.5MB

    • MD5

      cb76aa57b1a3c787a06054e2bbea9519

    • SHA1

      a2f45f491f44d1a345e640d2a20d8cbfcda4654f

    • SHA256

      5410b0ff80287d0cfa4b05ee50cf522f522a5035cd7b8ab8ce8497ccdab01fc0

    • SHA512

      533a92a5d5c71ab9b7031451514850ca3986f2a46ebfdfb762873db0c76dab11ad6cafacef7f35294de71a0223361c7440788a36c5adcd576d0a65ea3752869b

    • SSDEEP

      24576:ox4UslvsWdOw2WECKAslAVQCEJ2P5QXiXGAZuxF1XfEzaYn4SN2TxyQGZ2gnE4:wJOXTP56iXZUxvXszx4SgTMRYgnJ

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      ShopAtHomeToolbar/tbhelper.dll

    • Size

      290KB

    • MD5

      edf0df137f6944a1c2281409617a5956

    • SHA1

      775c91430e60c4704ae786371ee8e0b734b5d818

    • SHA256

      1932113729bf5918eedc2ba535e48e1691c0a181568930a3c62740158089539f

    • SHA512

      fa549216790561359bc5aef72ceff255230887894b383653a7061e1bf0fdc1af12a0b48c9dba784b8bcce0a3a913866b05f33c57db1106897394e20f3c626c98

    • SSDEEP

      6144:XGmhFh+/KFajwZqWnOcl74fyE9MnGJi+bnQQVEBl:jjs8asEWnVl74fyE9MnSiQBEBl

    Score
    3/10
    • Target

      ShopAtHomeToolbar/tbs_include_script_externalsearch.js

    • Size

      537B

    • MD5

      a1d0bdcb9e04da934c1292906e02b41a

    • SHA1

      35fe41637b9ca097616b630b8f2f773f0fcc987a

    • SHA256

      433e1e3029b10314fba1d626f0cbcaed3a16ad606e8f9ecf75cd0491e720993b

    • SHA512

      e5e780d784a222c7db19960817bad64bf2d9b5741af669649aa75afc90440b6a0478ce0e8309a33b26b0e6330c3cdc4093bd25a2eaf74c50483bb12dbc9761c9

    Score
    3/10
    • Target

      ShopAtHomeToolbar/tbs_include_script_showhidetoolbar.js

    • Size

      2KB

    • MD5

      ea4e2a2ccbab5ec9f855711f5e68c358

    • SHA1

      decd8ecdfa9e9db0b6d4f4946a145cfda7ef6ed7

    • SHA256

      364fbfbd73835b13b3c709f4bf463d806be64abf740914eb1f993eb61a3890bf

    • SHA512

      0952d2165016025f6df8fc80d261a87b33f8dfce597f207a2e2a7f42e77a5154d36e69818d0ddb601fabd4c48ceaf3e1fd7c2b2e77087eb9375ebc67f30c0f53

    Score
    3/10
    • Target

      ShopAtHomeToolbar/uninstall.exe

    • Size

      39KB

    • MD5

      bd424b8edd4d4869785ed321af241c71

    • SHA1

      74135638c58a9f706e896317622f0d71ca4babe0

    • SHA256

      ce50618c286c9e42ccbb10b4caf241b0ab0ccb1e37e74f82c91f36fbc33243de

    • SHA512

      bd6426da4d644b112d94c3173a511da7759e17b9790845dc6ed7261dccc713a0979c021625753357767b5b58150e8ed6ea24563a29b7b9af28963ab91d4b52a5

    • SSDEEP

      768:i+biaD1wS/2huzaqHo7M8OEDkHAnaLcgMNZdRko6PMU:i6iaDSPKo7MK5VN3RVU

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
7/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery, spyware, stealer
Score
7/10

behavioral18

discovery, spyware, stealer
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

adware, discovery, stealer
Score
6/10

behavioral24

adware, discovery, stealer
Score
6/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

execution
Score
3/10

behavioral30

execution
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
7/10