7df496b08f270e19508a8171d50cf1a69a4b363fa3bb77dc150e2ba1d546b742 | Triage

Sharing

General

Target

2023042930771e017e39e738bbd8121d5493696dvirlock.bin
Size

251KB
Sample

230506-zpmxcsfe9y
MD5

30771e017e39e738bbd8121d5493696d
SHA1

1e7bc8549c7d6821c5b1750c6b2af65084a46038
SHA256

7df496b08f270e19508a8171d50cf1a69a4b363fa3bb77dc150e2ba1d546b742
SHA512

343080da6368dfebe739494fcf0cc994df44a28f4571da4e3562b44716896b4a5c04c763835115c50c4d0363e6ae7dd79ac12031051c3728333fae9a95d3afdc
SSDEEP

6144:IK/ejbN4eIwmARX4Wgy4pUGNhZbxiCiV0T2nfRfq:INt4eIwlRX4C4p5Z9P806fl

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  2023042930771e017e39e738bbd8121d5493696dvirlock.bin
- Size
  
  251KB
- MD5
  
  30771e017e39e738bbd8121d5493696d
- SHA1
  
  1e7bc8549c7d6821c5b1750c6b2af65084a46038
- SHA256
  
  7df496b08f270e19508a8171d50cf1a69a4b363fa3bb77dc150e2ba1d546b742
- SHA512
  
  343080da6368dfebe739494fcf0cc994df44a28f4571da4e3562b44716896b4a5c04c763835115c50c4d0363e6ae7dd79ac12031051c3728333fae9a95d3afdc
- SSDEEP
  
  6144:IK/ejbN4eIwmARX4Wgy4pUGNhZbxiCiV0T2nfRfq:INt4eIwlRX4C4p5Z9P806fl
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan