General

  • Target

    2024-04-07_fa2bbce90abceb41594a25481006d5d1_virlock

  • Size

    568KB

  • Sample

    240407-zgyznaea3v

  • MD5

    fa2bbce90abceb41594a25481006d5d1

  • SHA1

    b47ffb64e038b8d51f89a97322edc1570fc2819f

  • SHA256

    aeaf8e23222de81db26d2f326c5a636ae9d9ca8b8ee7f709513003c0277f78e5

  • SHA512

    1a8f677d28c3323c5be9df06bea8ead875a5adfdc6f4a4f8d02954578e3e37d008bebe0ab33c04cb25092115f7be71230f0d225a84521de20d80b93af63b0dcc

  • SSDEEP

    12288:gunp/UhSkOaYiQotCxFngnizMMq4edFEKiE16jQJA/:RntIYiQoCJgnc7WEKiE16jQJ+

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (87) files with added filename extension

      This pattern is consistent with ransomware encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15