General

  • Target

    2024-04-09_0d84321dc670214b345360e1dc88cf18_virlock

  • Size

    5.9MB

  • Sample

    240409-km6jcsec2y

  • MD5

    0d84321dc670214b345360e1dc88cf18

  • SHA1

    d1d293255c34ab528c2cc2fb167c63b49129cf22

  • SHA256

    4fc9661e1dde0c8b9ed8ccc580288fce07446a3d17780ce2d70e764adee35f00

  • SHA512

    1f8c4d8a9eb4a536d038d5ba1f427128a98ecee9dfa0fb4d5aa55d2bcf177fba4ac639e9c166659e77ab98454e6270480c6f55bf83af63252cffef4c48a1fd57

  • SSDEEP

    98304:XeAni4AafakUGfN+3cjvYPO/MUDOormDN+137e1b6Ivwmki4i1T:Xk4naGfN+SUO/MUKormDN+pS7hki4A

Malware Config

Targets

    • Target

      2024-04-09_0d84321dc670214b345360e1dc88cf18_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (78) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks