General
Target: 2024-02-19_bd7af9ee4a321430c081293bf23511a6_virlock
Size: 2.0MB
Sample: 240219-vbmxzshb57
MD5: bd7af9ee4a321430c081293bf23511a6
SHA1: 75d8c44b6b614225a100c4b068206bd030fd505d
SHA256: 4b43f8d9da366bd3021f417c6227d7272cd354f7039218eeee6507573ba1477e
SHA512: 15fea8a8160eb7d5b5edf82c73b1f733b55464a83ee8cf22a82d781a0f96fba41a4ab04ee0e50d0607e9d514cd60c71c1ce74859789814f53e2dadc7465303fd
SSDEEP: 24576:wEjNV509U3uABOiDfRePDE8vlxk7Tnhm7svkf0dJP97SySpTufYvzWmVZpYdb:jubEOiDf0LE8dgE7sMMPIpTufczY
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-02-19_bd7af9ee4a321430c081293bf23511a6_virlock.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2024-02-19_bd7af9ee4a321430c081293bf23511a6_virlock.exe
  Resource: win10v2004-20231215-en
Malware Config
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Renames multiple (54) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)