General

  • Target

    2024-04-03_2337e5389081db45dd5a3758843120b9_virlock

  • Size

    155KB

  • Sample

    240403-njs1msda27

  • MD5

    2337e5389081db45dd5a3758843120b9

  • SHA1

    99c46170b63af74b13af173c24f59d287c445608

  • SHA256

    72e28253024c7646b511a5ed0c0e675dbd21983dc000a25cd073e41c76f07c71

  • SHA512

    37e2d669ef2e0aeb0288dadd7c5222bb60a65c7c05b0e2bac15976b9e97980aedc2b7916dd7012809e098d37ce6eee85ca49c2cf74ed7377d8e0422c494d3fda

  • SSDEEP

    3072:6ds4MGhZ1uP8r/p/vOGdzL5Qjjs+FMn5qybA2evlzWcTxV2edrE4bePw:WMGv1vGQL6jjjK5MJ9DNdw4q4

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (83) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks