General

  • Target

    2024-04-03_3c60e44ffcc878ce705720f061550328_virlock

  • Size

    347KB

  • Sample

    240403-mgyyfacb2z

  • MD5

    3c60e44ffcc878ce705720f061550328

  • SHA1

    a4631bf78eb679b609b6a5038ba8668ec5ac07b3

  • SHA256

    f371f10ba9eae89d662c100852aa5186f8fafa025f2047ad5188d674595481f5

  • SHA512

    599ca5114f5077158c608465744ae4593f61f27ce3c87e407549980881049cb04df5b5a91bdade2dd18179b184189c4d984fd739a63d0445bee1b950a14946af

  • SSDEEP

    6144:sgiCziaN3BqiZJovN8UiKWKEqv0c+wPsho:UuR9I3Auuo

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15