General
-
Target
2024-04-28_99e237b158fe7679f35380cc729a7bdc_virlock
-
Size
137KB
-
Sample
240428-q4d4bsha57
-
MD5
99e237b158fe7679f35380cc729a7bdc
-
SHA1
3bb9d1712e1b96134dcb7f3bd32a8234b4070f76
-
SHA256
43931d257e82e59e89693dfba6d2e147aff2802125028f90de1f7c2b565db66b
-
SHA512
75ddb9c9e15846ebb0a379ae073b8f5af3fa30a6198c4f7de1c7799fde9dc1eb0f9d501d1da2821ca625308b7b9e10175f76136404d749494370c9b06c99f872
-
SSDEEP
3072:OsM8BjA/wRJ3WoTOdwmg3BuQ0bckOWiEb5Rfv:OP8EwbWoTOdwmg3nEVp
Malware Config
Targets
-
-
Target
2024-04-28_99e237b158fe7679f35380cc729a7bdc_virlock
-
Size
137KB
-
MD5
99e237b158fe7679f35380cc729a7bdc
-
SHA1
3bb9d1712e1b96134dcb7f3bd32a8234b4070f76
-
SHA256
43931d257e82e59e89693dfba6d2e147aff2802125028f90de1f7c2b565db66b
-
SHA512
75ddb9c9e15846ebb0a379ae073b8f5af3fa30a6198c4f7de1c7799fde9dc1eb0f9d501d1da2821ca625308b7b9e10175f76136404d749494370c9b06c99f872
-
SSDEEP
3072:OsM8BjA/wRJ3WoTOdwmg3BuQ0bckOWiEb5Rfv:OP8EwbWoTOdwmg3nEVp
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (81) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1