General

  • Target

    2024-04-07_8ea7c9ce430064f103389cfd7a1c6cd3_virlock

  • Size

    254KB

  • Sample

    240407-zgvl8sed29

  • MD5

    8ea7c9ce430064f103389cfd7a1c6cd3

  • SHA1

    9ae3a0a22f6f54db9d8df3b299537f5c9c1034dc

  • SHA256

    cd5dc531ed2985b7f86bbea0692cb6fe98a68bc5e90c370125b3f1a7e37b5658

  • SHA512

    7b920ed2dfbf33028e583e9f090b204f83473bbd3328b5d6a14c42cf53c976fbe5dd444919eecfd52a10dcfe2f80ffafdeade1f77184f0806f4aec92ce971046

  • SSDEEP

    3072:A0E2yP4lCpTsRlbtZEtnsbHW2IYFeDLquCkhufoBQkOwFA4dg:LupgnbQsrVIY9ufx33dg

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (80) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
