General

  • Target

    2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock

  • Size

    189KB

  • Sample

    240407-x7azeacc6z

  • MD5

    29df57be6e75f670b1d223ce4733a587

  • SHA1

    923c4577613d4c3eb816400141d73d486a7da36c

  • SHA256

    fa3fa87588ae7afe00e7b465e7208973c217aaf395288bbce0ff2d4ecb0fd597

  • SHA512

    07467b478ae80d2b8e910fd2461461b619ef5a462ff8594a0d7bf0711fc4b07c3d3546d77093c872628ff9b556d39eae42e4817c6d3a124b2c0115bb7f0348ee

  • SSDEEP

    3072:3cuMtawMlIJNVwLrd+yNoyykZG3oZ6oUkpLOqpvszcqOSXBxfdik8SWoHT4Vs:3chta3ECLrNyt3oslx4SXHMk82Ys

Malware Config

Targets

    • Target

      2024-04-07_29df57be6e75f670b1d223ce4733a587_virlock

    • Size

      189KB

    • MD5

      29df57be6e75f670b1d223ce4733a587

    • SHA1

      923c4577613d4c3eb816400141d73d486a7da36c

    • SHA256

      fa3fa87588ae7afe00e7b465e7208973c217aaf395288bbce0ff2d4ecb0fd597

    • SHA512

      07467b478ae80d2b8e910fd2461461b619ef5a462ff8594a0d7bf0711fc4b07c3d3546d77093c872628ff9b556d39eae42e4817c6d3a124b2c0115bb7f0348ee

    • SSDEEP

      3072:3cuMtawMlIJNVwLrd+yNoyykZG3oZ6oUkpLOqpvszcqOSXBxfdik8SWoHT4Vs:3chta3ECLrNyt3oslx4SXHMk82Ys

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks