General
-
Target
2024-04-09_6e6dd8058e5b404b331f7c1d668f79a4_virlock
-
Size
120KB
-
Sample
240409-qx8pcsgd64
-
MD5
6e6dd8058e5b404b331f7c1d668f79a4
-
SHA1
97a69fbf40fb307bbfd7c3776d6194efbbde234a
-
SHA256
3db8296b78e2311e21829a2d315f2f6b2b9fda095bec9a4a46d4d812ea0761d3
-
SHA512
980194b2a670b5bbf389c3f7cf9c8de16f99d497eb3440381edc119009b8aa362cf9ae4ac7da76972d1aa585a96bdb3db9dd7040986edfdd28cd40f0ffa52bc9
-
SSDEEP
1536:6sRZ7uOGY3whJ7GGMVimEbx/fLdlBagjwSdUdxDQaHmraz3gbJPZTfcN1s8WV6yQ:1VmNMsJHLEkwSdUFgVZ7qCj30Pqii+A
Malware Config
Targets
-
-
Target
2024-04-09_6e6dd8058e5b404b331f7c1d668f79a4_virlock
-
Size
120KB
-
MD5
6e6dd8058e5b404b331f7c1d668f79a4
-
SHA1
97a69fbf40fb307bbfd7c3776d6194efbbde234a
-
SHA256
3db8296b78e2311e21829a2d315f2f6b2b9fda095bec9a4a46d4d812ea0761d3
-
SHA512
980194b2a670b5bbf389c3f7cf9c8de16f99d497eb3440381edc119009b8aa362cf9ae4ac7da76972d1aa585a96bdb3db9dd7040986edfdd28cd40f0ffa52bc9
-
SSDEEP
1536:6sRZ7uOGY3whJ7GGMVimEbx/fLdlBagjwSdUdxDQaHmraz3gbJPZTfcN1s8WV6yQ:1VmNMsJHLEkwSdUFgVZ7qCj30Pqii+A
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (75) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1