General
-
Target
2024-05-22_b37a46bf22cfbf0d0778d86e3cd4a291_virlock
-
Size
199KB
-
Sample
240522-w1zthsbg8x
-
MD5
b37a46bf22cfbf0d0778d86e3cd4a291
-
SHA1
df139881cb499f2c5c969dca70ff5169b6d18cdc
-
SHA256
295b665587965925c3cffcc01427d4b74230b75b158ea91756f7a9fefed59ae6
-
SHA512
3ef1ff47684ee5a6987cf01d1e569488e748d9aa1231dcebf293def2ebee13efbcf5624cb2240e3fd4c1b3fc18f314122f401bc72519644178736401c9d8304a
-
SSDEEP
6144:wgd5nBg6zQ2jPO7WeKFrhEG3MZMrmMQaMO7m3m6n+YRSdW4f4O4Q44l2Ji7o0TDs:F5nrQ2jPO7WeKFrhEG3MZMrTPmWjYRa4
Malware Config
Targets
-
-
Target
2024-05-22_b37a46bf22cfbf0d0778d86e3cd4a291_virlock
-
Size
199KB
-
MD5
b37a46bf22cfbf0d0778d86e3cd4a291
-
SHA1
df139881cb499f2c5c969dca70ff5169b6d18cdc
-
SHA256
295b665587965925c3cffcc01427d4b74230b75b158ea91756f7a9fefed59ae6
-
SHA512
3ef1ff47684ee5a6987cf01d1e569488e748d9aa1231dcebf293def2ebee13efbcf5624cb2240e3fd4c1b3fc18f314122f401bc72519644178736401c9d8304a
-
SSDEEP
6144:wgd5nBg6zQ2jPO7WeKFrhEG3MZMrmMQaMO7m3m6n+YRSdW4f4O4Q44l2Ji7o0TDs:F5nrQ2jPO7WeKFrhEG3MZMrTPmWjYRa4
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (65) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1