General
-
Target
2024-04-26_20bda880282d88b8d73107433e97646d_virlock
-
Size
117KB
-
Sample
240426-njne6afd66
-
MD5
20bda880282d88b8d73107433e97646d
-
SHA1
ec821a290630ab6936c5536996e449a427d9a827
-
SHA256
212569c15599920ccee06acff3415f1846e5658e7382eab951cd2e64a23bd6a1
-
SHA512
e92c45babe51974ab1aa90d2f0caf41313115f0fac8343ca314a986c508ea287eece82e8062ff3e266427f4d3bc218f2bad7c9f70b04c68247bb63ff6f182aab
-
SSDEEP
3072:vPKJ/79qxvcANeNeKs4+3zdBi2iHMWT1:vPOPAscv4GZ7eMC
Malware Config
Targets
-
-
Target
2024-04-26_20bda880282d88b8d73107433e97646d_virlock
-
Size
117KB
-
MD5
20bda880282d88b8d73107433e97646d
-
SHA1
ec821a290630ab6936c5536996e449a427d9a827
-
SHA256
212569c15599920ccee06acff3415f1846e5658e7382eab951cd2e64a23bd6a1
-
SHA512
e92c45babe51974ab1aa90d2f0caf41313115f0fac8343ca314a986c508ea287eece82e8062ff3e266427f4d3bc218f2bad7c9f70b04c68247bb63ff6f182aab
-
SSDEEP
3072:vPKJ/79qxvcANeNeKs4+3zdBi2iHMWT1:vPOPAscv4GZ7eMC
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1