General
-
Target
2024-04-26_ad2677c23ab1b1073aca9ab23678424c_virlock
-
Size
709KB
-
Sample
240426-np8chsfd8y
-
MD5
ad2677c23ab1b1073aca9ab23678424c
-
SHA1
a8f7d241cc3a1731f84200f7c5cf2c7a4aaf7832
-
SHA256
e9d9375584ce13943fe4390ef6688ee87a73644df9db357782e2aa9086015164
-
SHA512
f3b49dd1ca90033b28723bbd193a4eac1359bb040df90bd38735b536d5b547757ee0dd1389e6d1557b847874ee3bedf11231c765f28ef6e60b77b8dc8c9a524f
-
SSDEEP
12288:9/t/A7GJ8SMQrWXv+VTmJ3nLi6GN6zYjj9EtjCp8PrJ8bTS:3Y08SMQr0v+VTSn8jj9EtjCpoIT
Malware Config
Targets
-
-
Target
2024-04-26_ad2677c23ab1b1073aca9ab23678424c_virlock
-
Size
709KB
-
MD5
ad2677c23ab1b1073aca9ab23678424c
-
SHA1
a8f7d241cc3a1731f84200f7c5cf2c7a4aaf7832
-
SHA256
e9d9375584ce13943fe4390ef6688ee87a73644df9db357782e2aa9086015164
-
SHA512
f3b49dd1ca90033b28723bbd193a4eac1359bb040df90bd38735b536d5b547757ee0dd1389e6d1557b847874ee3bedf11231c765f28ef6e60b77b8dc8c9a524f
-
SSDEEP
12288:9/t/A7GJ8SMQrWXv+VTmJ3nLi6GN6zYjj9EtjCp8PrJ8bTS:3Y08SMQr0v+VTSn8jj9EtjCpoIT
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (83) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1