564a8ad5d6e4abab889d4a41ed73dcf1269dc37305f425291f167e94700a3158 | Triage

Sharing

General

Target

2024-03-28_32141e5bea2a7567e575bb15bccfec28_virlock
Size

253KB
Sample

240328-jwx3xade97
MD5

32141e5bea2a7567e575bb15bccfec28
SHA1

fe487b374d65469ea62f79b7add7899598208391
SHA256

564a8ad5d6e4abab889d4a41ed73dcf1269dc37305f425291f167e94700a3158
SHA512

132ba445a4ad38e3070cb4198aee0111080a1c7ff125d2118f8d24fa2ec5e8e74fad785884002cef945484623855d3ac2f3c3da4ff3be9bc4322211284ff5845
SSDEEP

6144:ywNYCYGtJYmJ0V89sUKq4jp6uvglYMMw4K+XI+r8eakcc8c8c8vpicO3:yivY0qmJ0V89sUKq4jp6uvglEK+XI+rH

Score

10^/10

evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  2024-03-28_32141e5bea2a7567e575bb15bccfec28_virlock
- Size
  
  253KB
- MD5
  
  32141e5bea2a7567e575bb15bccfec28
- SHA1
  
  fe487b374d65469ea62f79b7add7899598208391
- SHA256
  
  564a8ad5d6e4abab889d4a41ed73dcf1269dc37305f425291f167e94700a3158
- SHA512
  
  132ba445a4ad38e3070cb4198aee0111080a1c7ff125d2118f8d24fa2ec5e8e74fad785884002cef945484623855d3ac2f3c3da4ff3be9bc4322211284ff5845
- SSDEEP
  
  6144:ywNYCYGtJYmJ0V89sUKq4jp6uvglYMMw4K+XI+r8eakcc8c8c8vpicO3:yivY0qmJ0V89sUKq4jp6uvglEK+XI+rH
Score

10^/10

evasion persistence spyware stealer trojan ransomware
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Renames multiple (86) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojan

behavioral2

evasionpersistenceransomwarespywarestealertrojan