General

  • Target

    2024-04-03_9b4441b627ea2543daa1d677b44ca39d_virlock

  • Size

    253KB

  • Sample

    240403-ye6faabb55

  • MD5

    9b4441b627ea2543daa1d677b44ca39d

  • SHA1

    4159e10356d7b4ff199a19024bf0917fb748b810

  • SHA256

    41ed0c58f84c4950c825122823e906166f0f88e99c7b22949a62f96dc2e95d4b

  • SHA512

    0238f574ed70f6ab83950ac42094f0b471544cc56a874172ca05f2a15e7e064b5f2d0510edba2c35724f629f650b3ed6e38bc7bf4c19dc34a9414551f62f4622

  • SSDEEP

    6144:1yjyPtkSwwM25LXmwUfTavMdBfTNc6KyH30iXhR3:1yjyFkSwwcwgakPfpj7HkiL

Malware Config

Targets

    • Target

      2024-04-03_9b4441b627ea2543daa1d677b44ca39d_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (55) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks