General
-
Target
2024-03-08_3fef4e434a2b45541e882a41ea7e4a47_virlock
-
Size
119KB
-
Sample
240308-by8cnacf3w
-
MD5
3fef4e434a2b45541e882a41ea7e4a47
-
SHA1
79725b3df9f1858b117aff859ef8ac5c36d73968
-
SHA256
da00aaff8dca2b61281a2333efdb112b32ebb2262cdd3aaf161e8c845e523569
-
SHA512
93a9c5fc7217c25354ebcfa5c02e2e004055ea66c76ad1378426c54e08b66af3a721f4a7c525dcd3d99ea0da4f3d2557027a45ef3221b60aa322d3516ba46c65
-
SSDEEP
3072:wX5np3fMjagSRv2KJPwUDS7+ZlsogJ/WHUHv:W3UjbSjJqJ/kY
Malware Config
Targets
-
-
Target
2024-03-08_3fef4e434a2b45541e882a41ea7e4a47_virlock
-
Size
119KB
-
MD5
3fef4e434a2b45541e882a41ea7e4a47
-
SHA1
79725b3df9f1858b117aff859ef8ac5c36d73968
-
SHA256
da00aaff8dca2b61281a2333efdb112b32ebb2262cdd3aaf161e8c845e523569
-
SHA512
93a9c5fc7217c25354ebcfa5c02e2e004055ea66c76ad1378426c54e08b66af3a721f4a7c525dcd3d99ea0da4f3d2557027a45ef3221b60aa322d3516ba46c65
-
SSDEEP
3072:wX5np3fMjagSRv2KJPwUDS7+ZlsogJ/WHUHv:W3UjbSjJqJ/kY
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (84) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1