7f9c368fc90022f254e33ca2ea843aac91e837f0e89676fd362e83f99361f75c | Triage

Sharing

General

Target

20230429d093e0cbc91db4411c651c57efa51da1virlock.bin
Size

526KB
Sample

230506-zqcg1sff8s
MD5

d093e0cbc91db4411c651c57efa51da1
SHA1

1c60d3d5e5252f2bd6278d4abab89e5d2234430e
SHA256

7f9c368fc90022f254e33ca2ea843aac91e837f0e89676fd362e83f99361f75c
SHA512

1dc3dc6d06ffbcafae09bc2cdb579deed7af94f1009da6e791cb4d224afce10a7620dbbf6634ae71ec7ca0904406f8f7402b435059a7a8cb6e5c34e6e7cd8ac9
SSDEEP

12288:A/lAQrB7p7avprhs+BMz6xY53S/hh9CxitXo7oqxgggggggIzll69:hlMavv9Yitgzll69

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  20230429d093e0cbc91db4411c651c57efa51da1virlock.bin
- Size
  
  526KB
- MD5
  
  d093e0cbc91db4411c651c57efa51da1
- SHA1
  
  1c60d3d5e5252f2bd6278d4abab89e5d2234430e
- SHA256
  
  7f9c368fc90022f254e33ca2ea843aac91e837f0e89676fd362e83f99361f75c
- SHA512
  
  1dc3dc6d06ffbcafae09bc2cdb579deed7af94f1009da6e791cb4d224afce10a7620dbbf6634ae71ec7ca0904406f8f7402b435059a7a8cb6e5c34e6e7cd8ac9
- SSDEEP
  
  12288:A/lAQrB7p7avprhs+BMz6xY53S/hh9CxitXo7oqxgggggggIzll69:hlMavv9Yitgzll69
Score

10^/10

evasion persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceransomwarespywarestealertrojan

behavioral2

evasionpersistencespywarestealertrojan