General

  • Target

    2024-03-04_ca253babf292ddcfd0239e16b6e84451_virlock

  • Size

    255KB

  • Sample

    240304-qn2jpacd26

  • MD5

    ca253babf292ddcfd0239e16b6e84451

  • SHA1

    c72f73a9e7dace16412324ac0fb3ebdd4ef35016

  • SHA256

    3aba7a642a1c3c828f12dd1e09c2e5cc782985cf6a6a14727236e6af4552cd48

  • SHA512

    524d84929483d13e838e33a2c5c29440cd45afbd3c67270ec89796c3bc2f1f33a692278767644a3fb03d97b49561b17c81318d2a396d9bb3663f088c2052d8f8

  • SSDEEP

    6144:XH0wzxZKiPCeuHQ9B6I7ZWZpH0v+LwhcwCBUJn:Xx9Z1PSHQ9B6I7Uh02LwOBEn

Targets

    • Target

      2024-03-04_ca253babf292ddcfd0239e16b6e84451_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (88) files with added filename extension

      Renaming many user files by appending a new extension is characteristic of ransomware encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before proceeding.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory
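The signature hits listed above can be reproduced as simple detection logic over a sandbox-style event stream. The block below is an added example and is not tria.ge's own signature code: the event classes, the threshold of ten renames with the same appended extension, and the constructed SAMPLE_EVENTS stream are assumptions made for illustration, while the HideFileExt value under Explorer\Advanced and the per-user/per-machine Run keys are the standard registry locations those two signatures refer to.

```python
"""Detection logic for the behaviours flagged above, run over constructed
sandbox-style events.

Added example, not tria.ge's own signature implementation. The event shapes,
the rename threshold and SAMPLE_EVENTS are assumptions; the registry paths are
the standard Explorer "HideFileExt" setting and the Run autostart keys.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Sequence, Union
import ntpath  # Windows path semantics regardless of the host OS


@dataclass(frozen=True)
class Rename:
    old: str
    new: str


@dataclass(frozen=True)
class RegWrite:
    key: str
    name: str
    data: object


Event = Union[Rename, RegWrite]

# Assumption: ten or more files renamed with the same appended extension counts
# as bulk renaming (the report above fired on 88).
RENAME_THRESHOLD = 10

HIDE_EXT_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN_KEYS = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run".lower(),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run".lower(),
}


def appended_extension(r: Rename) -> Optional[str]:
    """Return the extension appended by a rename such as a.docx -> a.docx.exe.

    A rename that changes the directory, or that replaces rather than appends
    the extension (report.tmp -> report.docx), returns None.
    """
    if ntpath.dirname(r.old).lower() != ntpath.dirname(r.new).lower():
        return None
    old_name, new_name = ntpath.basename(r.old), ntpath.basename(r.new)
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]
    return ext.lower() if len(ext) > 1 else None


def bulk_rename_extensions(events: Sequence[Event]) -> Counter:
    """Count in-place renames per appended extension across the stream."""
    counts: Counter = Counter()
    for e in events:
        if isinstance(e, Rename):
            ext = appended_extension(e)
            if ext is not None:
                counts[ext] += 1
    return counts


def analyze(events: Sequence[Event]) -> List[str]:
    """Return signature hits, worded like the report's signature names."""
    hits: List[str] = []
    for ext, n in bulk_rename_extensions(events).most_common():
        if n >= RENAME_THRESHOLD:
            hits.append(f"Renames multiple ({n}) files with added filename extension {ext}")
    for e in events:
        if not isinstance(e, RegWrite):
            continue
        key = e.key.lower()
        # HideFileExt = 1 hides extensions, so "invoice.pdf.exe" shows as "invoice.pdf"
        if key == HIDE_EXT_KEY.lower() and e.name.lower() == "hidefileext" and e.data == 1:
            hits.append("Modifies visibility of file extensions in Explorer")
        elif key in RUN_KEYS:
            hits.append(f"Adds Run key to start application: {e.name} = {e.data}")
    return hits


# Constructed sample stream (not events from the sandbox run above).
SAMPLE_EVENTS: List[Event] = [
    Rename(rf"C:\Users\victim\Documents\file{i}.docx",
           rf"C:\Users\victim\Documents\file{i}.docx.exe") for i in range(11)
]
SAMPLE_EVENTS += [
    Rename(r"C:\Users\victim\Desktop\notes.txt", r"C:\Users\victim\Desktop\notes.txt.exe"),
    Rename(r"C:\Users\victim\Downloads\report.tmp", r"C:\Users\victim\Downloads\report.docx"),  # legitimate
    Rename(r"C:\Temp\a.bin", r"C:\Backup\a.bin.old"),  # moved between directories, ignored
    RegWrite(HIDE_EXT_KEY, "HideFileExt", 1),
    RegWrite(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\Users\victim\AppData\Roaming\svc.exe"),
    RegWrite(HIDE_EXT_KEY, "ShowSuperHidden", 0),  # unrelated Explorer setting, no hit
]

if __name__ == "__main__":
    for hit in analyze(SAMPLE_EVENTS):
        print(hit)
```

Counting per appended extension rather than per rename keeps a single stray "a.txt -> a.txt.bak" from tripping the signature, and comparing directories as well as names separates in-place renames from moves.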
