General

  • Target

    2024-04-07_cfae17316e3302b54f4480956eb78505_virlock

  • Size

    138KB

  • Sample

    240407-zcjn6sdg81

  • MD5

    cfae17316e3302b54f4480956eb78505

  • SHA1

    595cb8de53a4e15e31e4b46a43d05c29c01f893f

  • SHA256

    e07cdb69053c78e7bbf2bdc2204c17c3c9589392dfea2e491a9111a0faa82fa2

  • SHA512

    685eb524ee4fb2f521e49ee9e174c254b6ee65ff4d716401d139335cca91d40fde955e76649767a384e5a970c653a63f62dd60b94005b7fc0ca3fd0f9b94e422

  • SSDEEP

    3072:qWUT9Qy3/UCg5OM8xbSiVF9NHJBkn5dq6aXVtPBX:XU3/UCg5OM4xFN6aDF

Malware Config

Targets

    • Target

      2024-04-07_cfae17316e3302b54f4480956eb78505_virlock

    • Size

      138KB

    • MD5

      cfae17316e3302b54f4480956eb78505

    • SHA1

      595cb8de53a4e15e31e4b46a43d05c29c01f893f

    • SHA256

      e07cdb69053c78e7bbf2bdc2204c17c3c9589392dfea2e491a9111a0faa82fa2

    • SHA512

      685eb524ee4fb2f521e49ee9e174c254b6ee65ff4d716401d139335cca91d40fde955e76649767a384e5a970c653a63f62dd60b94005b7fc0ca3fd0f9b94e422

    • SSDEEP

      3072:qWUT9Qy3/UCg5OM8xbSiVF9NHJBkn5dq6aXVtPBX:XU3/UCg5OM4xFN6aDF

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks