General

  • Target

    4839574d3807246a5f6779f2a658f781_virlock_JC.exe

  • Size

    915KB

  • Sample

    230819-ssledabb66

  • MD5

    4839574d3807246a5f6779f2a658f781

  • SHA1

    7ac16bec3781c185e32189baf01cf4b0c101017e

  • SHA256

    c3c62d89f3251859a83c919319f6a8eaef90ad35da47e697abc977e8b7de1e42

  • SHA512

    87aabb2a51be67b841bfde6d7b9930a116e933aeb1ae2439205ca3520fa3db856c97bb04b8bed68da8506bc6a2ed3cec9cba8a1c120e6a6fe4d6741354f6896a

  • SSDEEP

    12288:srkbeZTah2U2Q2PumWuK7I3gk47/Zb1C3EJ3+BycVcX6XE5+AtB1S++8fDUk4smF:s4CZGH2QHNG4V1CUNFuMHfik/HeN

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill data.

    • Adds Run key to start application

    • Drops file in System32 directory
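The signatures above are sandbox observations; on a suspect host the same behaviours leave registry and filesystem artifacts that can be checked directly. The following PowerShell triage script is an added example and is not part of the tria.ge report or of any tooling the page describes. It assumes an elevated PowerShell session on the host under investigation; the report does not give the Run-key value name or the dropped-file names, so every autostart entry is listed for review rather than matched by name, and the seven-day window for recently written System32 executables is an assumed infection window.

```powershell
# Added triage script (not from the tria.ge report): checks a Windows host for the
# artifacts behind the signatures "Modifies visibility of file extensions in Explorer",
# "Adds Run key to start application" and "Drops file in System32 directory".
# Assumptions: elevated session; Run-key value names and dropped-file names are not
# on the report page, so entries are listed rather than matched; 7-day window is assumed.

$findings = @()

# 1. HideFileExt = 1 hides extensions in Explorer, so a dropped "document.pdf.exe"
#    is shown to the user as "document.pdf".
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 1) {
    $findings += [pscustomobject]@{ Check = 'HideFileExt'; Location = $advKey; Value = $hide }
}

# 2. Enumerate autostart entries under the common Run keys. Provider metadata
#    properties (PSPath etc.) are excluded explicitly rather than by wildcard so a
#    malicious value whose name happens to start with "PS" is not skipped.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $findings += [pscustomobject]@{ Check = 'RunKey'; Location = "$k\$($p.Name)"; Value = $p.Value }
    }
}

# 3. Hash executables recently written to System32 and compare with the report's
#    SHA256 (value copied from the General section above).
$reportSha256 = 'c3c62d89f3251859a83c919319f6a8eaef90ad35da47e697abc977e8b7de1e42'
$cutoff = (Get-Date).AddDays(-7)   # assumption: infection occurred within the last week
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.exe -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        $tag = if ($h -eq $reportSha256) { 'MATCHES-REPORT' } else { 'recent' }
        $findings += [pscustomobject]@{ Check = "System32 exe ($tag)"; Location = $_.FullName; Value = $h }
    }

$findings | Format-Table -AutoSize
```

Treat a SHA256 match as confirmation but a non-match as inconclusive: Virlock is a polymorphic file infector, so the copies it writes to disk generally do not share the submitted sample's hash, and the Run-key and HideFileExt findings are the more reliable indicators here.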

MITRE ATT&CK Enterprise v15

Tasks