General
-
Target
2024-02-19_9340ca5c5503cd135958f64de58f6bcb_virlock
-
Size
3.7MB
-
Sample
240219-t7xlmaha34
-
MD5
9340ca5c5503cd135958f64de58f6bcb
-
SHA1
cec151a56f0477c2b66a57159a05e492a0e7c42a
-
SHA256
e84c5a6e36926f5b528e069f8f7590aae6a1b38fc8dfd1492f023c15edd2f537
-
SHA512
de5676248df77fe8d45e19dfb8615eb3c789aeb9dd5c454f236ad1a4266d8786c278e8ed03fe081a9bbadc3f88823f1756365cd50eef17141a26123c3b90e2f4
-
SSDEEP
49152:8UUVCmgh3KGXgzLaZdV3QN+E2iPzGFp1jOrwGN3GmmF0+MO/kEPYC3yTsG:r1haOZon2YzEROsT0X
Malware Config
Targets
-
-
Target
2024-02-19_9340ca5c5503cd135958f64de58f6bcb_virlock
-
Size
3.7MB
-
MD5
9340ca5c5503cd135958f64de58f6bcb
-
SHA1
cec151a56f0477c2b66a57159a05e492a0e7c42a
-
SHA256
e84c5a6e36926f5b528e069f8f7590aae6a1b38fc8dfd1492f023c15edd2f537
-
SHA512
de5676248df77fe8d45e19dfb8615eb3c789aeb9dd5c454f236ad1a4266d8786c278e8ed03fe081a9bbadc3f88823f1756365cd50eef17141a26123c3b90e2f4
-
SSDEEP
49152:8UUVCmgh3KGXgzLaZdV3QN+E2iPzGFp1jOrwGN3GmmF0+MO/kEPYC3yTsG:r1haOZon2YzEROsT0X
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1