General

  • Target

    2024-04-08_ecd8c1ab47e146108b0ff40d511a20fd_virlock

  • Size

    245KB

  • Sample

    240408-nygwxsbg2x

  • MD5

    ecd8c1ab47e146108b0ff40d511a20fd

  • SHA1

    96eed85ecdf235f3a3b67f26db5eed0dd20afff6

  • SHA256

    0e997cc6861c258a2a2de4a85fb8b136069ac491ac2a8c07006c5622be7df891

  • SHA512

    7a750c0b5addb8b32675b9f41573429e55ea9eedf9645bfb63da6139662574d7a27db9d8180960ee89e0c19afd29626c306d63309223ece747f396eacc88dda9

  • SSDEEP

    6144:GLzVhF3iMfyRozut7c2ydjnqNP8CagWyT:GXDFyMKRoCt9ydjnqNPba8T

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks