General

  • Target

    2024-04-17_befa77d0e7d6c251940ec9f975c6d5b9_virlock

  • Size

    253KB

  • Sample

    240417-c6lz3abf25

  • MD5

    befa77d0e7d6c251940ec9f975c6d5b9

  • SHA1

    89b9ebb0ad74d28d6e6a70823ed975263d6254f3

  • SHA256

    85da9228e34d7a8c944352d2a3e71883a2559dab0efac3488c47e6a739b481d8

  • SHA512

    2e1de27d4640624c4547df57b8acf7b9e7a7957cdbb1157b147b3f8b07c08d568fb85532a6eacb955c8082faddb356e9eeaff895cce6887a5d3c16949c0ca2bf

  • SSDEEP

    6144:OsO2HVogXW8rApbO3vxJH9Zn6upRwYhObFTK1k8tQwm:muVoaW8rApAH9eKOZTK7E

Malware Config

Targets

    • Target

      2024-04-17_befa77d0e7d6c251940ec9f975c6d5b9_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (89) files with added filename extension

      Renaming a large number of files by appending a new extension is typical of ransomware encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials and session cookies.

    • Adds Run key to start application
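The behaviours listed above are sandbox signatures evaluated over the sample's recorded registry and file-system activity. As an added example, not tria.ge's own signature engine and not code from the sample, the block below re-implements four of them over a constructed event list: the Explorer `HideFileExt` write, the locale lookup under `Control Panel\International` or `Control\Nls\Language`, a `CurrentVersion\Run` write, and the mass-rename heuristic. The event schema, the file paths, the `.locked` extension in the constructed data and the rename threshold of 10 are assumptions made here; the report only says "multiple (89)".

```python
"""Toy re-implementation of four sandbox behaviour signatures.

Added example: the event format and all sample data are constructed for
illustration and are not taken from the tria.ge report.
"""
from collections import Counter

# Assumption: the report says "multiple"; 10 distinct files is the cut-off used here.
MASS_RENAME_THRESHOLD = 10

EXPLORER_ADVANCED = r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"
LOCALE_KEYS = (r"\Control Panel\International", r"\Control\Nls\Language")

# Report wording for each signature id; {count} is filled from the details dict.
SIGNATURE_LABELS = {
    "hide_file_ext": "Modifies visibility of file extensions in Explorer",
    "locale_check": "Checks computer location settings",
    "run_key": "Adds Run key to start application",
    "mass_rename": "Renames multiple ({count}) files with added filename extension",
}

DOCS = r"C:\Users\Admin\Documents"

# Constructed events mimicking what a sandbox would log for the behaviours above.
EVENTS = [
    {"type": "reg_set", "key": r"HKEY_CURRENT_USER" + EXPLORER_ADVANCED,
     "value": "HideFileExt", "data": 1},
    {"type": "reg_query", "key": r"HKEY_CURRENT_USER\Control Panel\International",
     "value": "sCountry"},
    {"type": "reg_set", "key": r"HKEY_CURRENT_USER" + RUN_KEY,
     "value": "svc", "data": r"C:\Users\Admin\AppData\Roaming\svc.exe"},
    # Extension changed rather than added: must not count towards mass rename.
    {"type": "file_rename", "src": rf"{DOCS}\notes.txt", "dst": rf"{DOCS}\notes.md"},
] + [
    # 20 documents renamed with an appended ".locked" (extension chosen arbitrarily).
    {"type": "file_rename", "src": rf"{DOCS}\doc{i}.docx", "dst": rf"{DOCS}\doc{i}.docx.locked"}
    for i in range(20)
]

# Constructed benign activity: showing extensions, one backup rename, one conversion.
BENIGN_EVENTS = [
    {"type": "reg_set", "key": r"HKEY_CURRENT_USER" + EXPLORER_ADVANCED,
     "value": "HideFileExt", "data": 0},
    {"type": "file_rename", "src": rf"{DOCS}\draft.txt", "dst": rf"{DOCS}\draft.txt.bak"},
    {"type": "file_rename", "src": rf"{DOCS}\old.docx", "dst": rf"{DOCS}\old.pdf"},
]


def _key_ends_with(key, suffix):
    return key.lower().endswith(suffix.lower())


def added_extension(src, dst):
    """Return the appended '.ext' if dst is exactly src plus one extension, else None."""
    if len(dst) > len(src) and dst.lower().startswith(src.lower()):
        extra = dst[len(src):]
        # Must be a dotted suffix on the same file, not a path component.
        if extra.startswith(".") and len(extra) > 1 and "\\" not in extra:
            return extra.lower()
    return None


def evaluate(events):
    """Map signature id -> details for every signature the events trigger."""
    hits = {}
    renamed = {}  # lower-cased source path -> appended extension
    for ev in events:
        kind = ev["type"]
        if kind == "reg_set":
            if (_key_ends_with(ev["key"], EXPLORER_ADVANCED)
                    and ev["value"].lower() == "hidefileext" and ev["data"] == 1):
                hits["hide_file_ext"] = {"key": ev["key"]}
            elif _key_ends_with(ev["key"], RUN_KEY):
                entries = hits.setdefault("run_key", {"entries": []})["entries"]
                entries.append({"value": ev["value"], "data": ev["data"]})
        elif kind == "reg_query":
            if any(k.lower() in ev["key"].lower() for k in LOCALE_KEYS):
                hits["locale_check"] = {"key": ev["key"], "value": ev.get("value")}
        elif kind == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                renamed[ev["src"].lower()] = ext
    if len(renamed) >= MASS_RENAME_THRESHOLD:
        ext, _ = Counter(renamed.values()).most_common(1)[0]
        hits["mass_rename"] = {"count": len(renamed), "extension": ext}
    return hits


def report(events):
    """Render triggered signatures in the wording used by the report."""
    return [SIGNATURE_LABELS[sid].format(**details)
            for sid, details in evaluate(events).items()]


if __name__ == "__main__":
    for line in report(EVENTS):
        print("*", line)
    print("benign:", report(BENIGN_EVENTS))
```

The rename heuristic keys on the source path rather than the event count, so a file renamed twice is not double-counted, and it ignores renames that swap one extension for another, which is what distinguishes "added filename extension" from ordinary document conversion. Writing `HideFileExt = 0` (show extensions) is deliberately not flagged; only hiding extensions helps a dropped `report.docx.exe` pass as a document.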

MITRE ATT&CK Enterprise v15

Tasks