General

  • Target

    2024-04-03_d34cdff3b0e698bb896329c25e0cf5b3_virlock

  • Size

    710KB

  • Sample

    240403-xkfw5saa42

  • MD5

    d34cdff3b0e698bb896329c25e0cf5b3

  • SHA1

    c5347180f1d3207d8d48f480dd7539ae347a7cdf

  • SHA256

    a1fe19a6f8e7118773f8ed982e88ded4bb2e161503ad41428e7c99245d79ae35

  • SHA512

    65f8d46ade43c55e484ac05333fde2f817c4ecbf658e0690c88731a98e62940470dd7e18a434e860bc31232c6aa388ee2aa4262302ff2d076ad9fd97a73fc79a

  • SSDEEP

    12288:M+/pTJKEfDggggggg2ONjNRtoUepm93UOsLma7boUIeAnY87fUWHy:txkiDgggggggR5NWQ9kJ6a7bonz7fA

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (85) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15