General

  • Target

    2024-03-04_35b386dafc27af8cc78d5925529f2cf9_virlock

  • Size

    255KB

  • Sample

    240304-qmt38acc78

  • MD5

    35b386dafc27af8cc78d5925529f2cf9

  • SHA1

    ec08ffa933883f9dfddacf84f440a5516001cabc

  • SHA256

    242afd19edb51cf34e457ec85eed898d9c6205700827bee2a7ac23cff9580137

  • SHA512

    290b5293339fcfc3bd4f3e22a573302defb49f94cd46c0573b658c004ebe512a6ff59634bf1dc6cce69d22c1dec9647919dfe1f321bed3f6d1c269793191b709

  • SSDEEP

    6144:MjKGozCTPblKg/utqwqTyfmK4CP/jHuR2Q:MjKeXlKg/uwwqmfmLCuX

Targets

    • Target

      2024-03-04_35b386dafc27af8cc78d5925529f2cf9_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (89) files with an added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application
