General

  • Target: 2024-03-04_4a3143bcb1176da995d8b0256c1efbd4_virlock
  • Size: 255KB
  • Sample: 240304-qmyreacc79
  • MD5: 4a3143bcb1176da995d8b0256c1efbd4
  • SHA1: b596490f0fa1a3f9fb616a5544cd7b82451a3885
  • SHA256: 1bce0259ca5712bac00a1c51e3289bf1f51e2e43c9c491d877f2890a4e6b0dcd
  • SHA512: 663ed697cbd20a462b0294cefa9fb180ff65da4c7bf8a3953fd5ca6b9234dba083918e7139bdd266e9c6505c2cf799c3ff0a32b44571f774a7dfe699b5120b16
  • SSDEEP: 6144:ZAMu/LfXQ6G9SLfu7HXLh1jlbcrAMc18/DUhnzEH:iVQ6GcfuzLh1jlbcrAMc18/DGnwH

Targets

    • Modifies visibility of file extensions in Explorer
    • UAC bypass
    • Renames multiple (82) files with added filename extension
      This suggests ransomware activity: files across the system are being encrypted and renamed.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Adds Run key to start application
    • Drops file in System32 directory
