General
-
Target
2024-05-08_5632cbb3ad1b2b7a0996e98ddf3417b7_virlock
-
Size
566KB
-
Sample
240508-b54m2sca4y
-
MD5
5632cbb3ad1b2b7a0996e98ddf3417b7
-
SHA1
13d4a71d598cb3aaec05f343a81adc005675c425
-
SHA256
f39db6dcd84536f3e68396df21ab407ebecac77e356ca2e7ddd8e73e0ad7eeba
-
SHA512
953db24dc592c69369bfc937ffec894e39b8d6959559da902a5920bc7700058f793dec285a15c80e8ecf21da6998731a33d4ea8bbbf87a1647b581abff6e3c8a
-
SSDEEP
12288:GlXLxXAoNdPh5XLaVYyF0Pb6sLyp76LJNsZnQPHABIByy:GhxwoXJ57yGG6dQnQPHABp
Malware Config
Targets
-
-
Target
2024-05-08_5632cbb3ad1b2b7a0996e98ddf3417b7_virlock
-
Size
566KB
-
MD5
5632cbb3ad1b2b7a0996e98ddf3417b7
-
SHA1
13d4a71d598cb3aaec05f343a81adc005675c425
-
SHA256
f39db6dcd84536f3e68396df21ab407ebecac77e356ca2e7ddd8e73e0ad7eeba
-
SHA512
953db24dc592c69369bfc937ffec894e39b8d6959559da902a5920bc7700058f793dec285a15c80e8ecf21da6998731a33d4ea8bbbf87a1647b581abff6e3c8a
-
SSDEEP
12288:GlXLxXAoNdPh5XLaVYyF0Pb6sLyp76LJNsZnQPHABIByy:GhxwoXJ57yGG6dQnQPHABp
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (77) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1