General
-
Target
2024-04-30_18d4e2a9d29bbb1fb3ca7aecb8599fef_virlock
-
Size
563KB
-
Sample
240430-q2gfnsgc5z
-
MD5
18d4e2a9d29bbb1fb3ca7aecb8599fef
-
SHA1
84adad96793eaacc2c88cce5fa8c530fc682016b
-
SHA256
42e09b70c772bdc92d6d5967c2ccafa94afa9d40a57ad12f1a9b467800f149db
-
SHA512
e63e83891129b9af8a0aa25373a25c6eaec417ab692b1dc4286c4fdcdb32fa498f5efcc12525ccc7e062b9bf95256105b5ec130fb7d5c288a48e3dd7c0cf7051
-
SSDEEP
12288:1T51V/J0Ndm8wuNeCiLpYX3a01HP9mwijqTx:nadmMNvN1g
Malware Config
Targets
-
-
Target
2024-04-30_18d4e2a9d29bbb1fb3ca7aecb8599fef_virlock
-
Size
563KB
-
MD5
18d4e2a9d29bbb1fb3ca7aecb8599fef
-
SHA1
84adad96793eaacc2c88cce5fa8c530fc682016b
-
SHA256
42e09b70c772bdc92d6d5967c2ccafa94afa9d40a57ad12f1a9b467800f149db
-
SHA512
e63e83891129b9af8a0aa25373a25c6eaec417ab692b1dc4286c4fdcdb32fa498f5efcc12525ccc7e062b9bf95256105b5ec130fb7d5c288a48e3dd7c0cf7051
-
SSDEEP
12288:1T51V/J0Ndm8wuNeCiLpYX3a01HP9mwijqTx:nadmMNvN1g
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (82) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1