General

  • Target

    2024-04-06_bc9ea6468dd2f86278dd48f5f8805556_virlock

  • Size

    142KB

  • Sample

    240406-rwn41acd8s

  • MD5

    bc9ea6468dd2f86278dd48f5f8805556

  • SHA1

    e5b9b711101c3240dcc66ad1011bc8d0c3ef2fcc

  • SHA256

    b24f9143d07595136d766c1214d3f62ec76989a1ca1c6b9047e0170d32db95f1

  • SHA512

    764cc6a8f5bc1ca0c7ebb6ed3378acb371ec408ac6d34a3f7f49c921644ef31ebad1c1c1c8a69ec464f8602ca3e4518ac4dc20971d753dfa041cf6fac24c1b15

  • SSDEEP

    3072:1FJsgTY5NPqTArcRBEMApCSL20+INhjDHnsYl+8mm:1FFTY5xZAgLNNhjDHsY+

Malware Config

Targets

    • Target

      2024-04-06_bc9ea6468dd2f86278dd48f5f8805556_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (76) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (deciding whether to run based on the victim's locale).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks