General

  • Target

    2024-04-03_e0d4f805362cc919b44ae474f88181ae_virlock

  • Size

    117KB

  • Sample

    240403-xlk79ahf4v

  • MD5

    e0d4f805362cc919b44ae474f88181ae

  • SHA1

    7e2dc060f2d2f15f8080eb7f40db1cb585179899

  • SHA256

    be2a06101382c105d31982aad11e308d36f5e110099b0e78a2ec22ba486c98d9

  • SHA512

    483d7315ec99900db4fe7986a2b37f3769c341d68c514d404a0d63432b70e59fff3593d9839d5260d68a2535b097bd764a1e8bf807e843de2cccf5d2bc2f1834

  • SSDEEP

    3072:YNPjSo30AgPyCqaBTx/PUxaxCxQ1wwJPf/6O:gPZ3oqWPvxxWiPfCO

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (82) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory
