General

  • Target

    2024-04-03_d7b51b0316573842c186157b726534ed_virlock

  • Size

    345KB

  • Sample

    240403-mf1ewace69

  • MD5

    d7b51b0316573842c186157b726534ed

  • SHA1

    f3088590f40e76f791300a4adf387d3e2f15497a

  • SHA256

    9c9c43c72328f51ab9faf34746a63b2428090fc9c731ff3d783d18a434a9844a

  • SHA512

    71c3ec7bbe8c0da35d27d75337b3236308de351690fbe967c15764ef7da9aa847c50a394e821c87038e9fb450069912817ad45da0d0c121d1857cf70427deda8

  • SSDEEP

    3072:Mxl9HWkk7F9IUbnJv7zeMYVo/6+7YhkEWXaZLaQ/nUXfvZ+ZPwBk8X5sL:Mxl9bk7FeUJ7z1eRhkvXaZnUewJo

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (77) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory
