General

  • Target

    2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock

  • Size

    200KB

  • Sample

    240403-x5j5asac9s

  • MD5

    16110daf1409fd74e4630f0cc4e5869d

  • SHA1

    33f2c6cfb4a81cbd57eb16b5fb667ab5c39d8742

  • SHA256

    53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43

  • SHA512

    1559cb64a2b1aa6c01d3eea100cff003c8dda26fb40084e5aff647997aea552c6362fc119182b59281e910645c6ab5c02858f9ebbdd640ed08c51dbf6cfb1a7a

  • SSDEEP

    6144:mVdolfd85vyPXtFt3ohCjkuSNvizItA1YA:Gdol18kFFt3ohCjkLIzgA

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (82) files with added filename extension

      This suggests ransomware activity, i.e. encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
