General

  • Target

    2024-04-03_62d94572fce9449bd38be7a0ee14ce65_virlock

  • Size

    203KB

  • Sample

    240403-ybyahaba42

  • MD5

    62d94572fce9449bd38be7a0ee14ce65

  • SHA1

    026c27643b88dc0e28716e14dc2927f1c8af838f

  • SHA256

    2f0333b641a119dfdcb5f0a3986598cdd2dffbdae64a00ec8fcd93992e84dc31

  • SHA512

    185c6b87ca395a1d6e56b8c5634d6496e9f85e6092cb5d2d71a75c50d05364d9ed6c5a9ee212dc0605fd709ae05c0e15c7380a655e29d1dc867be02591c87709

  • SSDEEP

    6144:MEhzA7G+VBDD1igoBl2KgBEp4gkJSALmznXTjG9hs:1A7G+VBDD1i/gykUPnG9h

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (65) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks