General

  • Target

    2024-04-03_2654b33a18d9a692515f7b0b1fee79ed_virlock

  • Size

    188KB

  • Sample

    240403-w6k8bahd66

  • MD5

    2654b33a18d9a692515f7b0b1fee79ed

  • SHA1

    ba9ff62d1e2f1e06616aee98942fa70d797bbdd1

  • SHA256

    5d9b42712df611c6a017f46359523aeb117c136bdfe73613a29cb62306027a50

  • SHA512

    85557045d145df48e4f7a6812c59724b58a31d0216a909febe8a771570156270f4b6af9eb5164f0639cb5005865c722a9e2b61a93415f2665a7292f458619b4d

  • SSDEEP

    3072:/vS5a7fRMjVOaG5F7qOEwRmg0HKvTfDahQ23XoG7bA/Zvq/FdqXik:/vS52fRMjVOaSq/+70uTLa+gbGZC/FMx

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks