Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock

  • Size

    213KB

  • Sample

    240304-rrdsgacd2v

  • MD5

    0bec02b0ded562e0780736a02796f9e9

  • SHA1

    ed9156cae9db89fdf8c4deab78ebc83b5fb635c8

  • SHA256

    480663176f58322ca83227d6cf71b913782d7a6de39a950233c1c7289894d5b8

  • SHA512

    8e05daa25e32a136de60a8d183b4d248028da37253c3ae2740dc0b99257f00937fa576e7b2a4dee26011304fd0ad31426d601c2a4157908083c5245eaf562b2e

  • SSDEEP

    6144:FCI7EYgIbWZz/4LVsF8vLEka3zz0qAaWaF:FmybWZsL6F8jK3z4qArK

Malware Config

Targets

    • Target

      2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock

    • Size

      213KB

    • MD5

      0bec02b0ded562e0780736a02796f9e9

    • SHA1

      ed9156cae9db89fdf8c4deab78ebc83b5fb635c8

    • SHA256

      480663176f58322ca83227d6cf71b913782d7a6de39a950233c1c7289894d5b8

    • SHA512

      8e05daa25e32a136de60a8d183b4d248028da37253c3ae2740dc0b99257f00937fa576e7b2a4dee26011304fd0ad31426d601c2a4157908083c5245eaf562b2e

    • SSDEEP

      6144:FCI7EYgIbWZz/4LVsF8vLEka3zz0qAaWaF:FmybWZsL6F8jK3z4qArK

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks