General

  • Target

    2024-03-04_6e472fdebcf3b9a0ad5fe7810b019346_virlock

  • Size

    254KB

  • Sample

    240304-rw8teadf44

  • MD5

    6e472fdebcf3b9a0ad5fe7810b019346

  • SHA1

    38328fd1b4fc8a896d2874574632155d030ef8f0

  • SHA256

    7eb5aafdb65253add249e8dc7158ea02d067ba5f1e6ef7e620f14884b698affd

  • SHA512

    1a31615f87e87439a2f2db57c370ccd3170f26f2a6f706ab14fa8527dbce208975f957798a153df14edf40e5a052aaa0870deda006a88f29be6263538d97c6f9

  • SSDEEP

    6144:eL8l/y8BwksavW6CpkcbBoT37HMaTQ3Hj:+KqpDau6Cpkeob7sqi

Targets

    • Target

      2024-03-04_6e472fdebcf3b9a0ad5fe7810b019346_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (90) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before continuing execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Adds Run key to start application

    • Drops file in System32 directory
