General

  • Target

    2024-04-07_999c8cd259701e905e906158b18c2a1d_virlock

  • Size

    314KB

  • Sample

    240407-xqhmxsbf8z

  • MD5

    999c8cd259701e905e906158b18c2a1d

  • SHA1

    58b985e75f19a6a6b9468c1efed1199dbe6d96fe

  • SHA256

    efdcc8e2ed9e2ee0e54396fb6b1ffab1fdf454f0c7884952f9ad27abedc0d1e9

  • SHA512

    595b2c7ab395351bb35ea2f71f34dcf29fcd6f5d6902b8b19c05c3bc3b056587a228bad997ede1042990939711432b12c947c9b4e733671560c2cc9e6ba8023a

  • SSDEEP

    6144:tr3hUc9bmpNwghQcSYHTJtn19XEcFv0PWWZ7o8oFwN8hogyX0d:cuoNfLHAcelQOGWgyEd

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (80) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application
