General
-
Target
2024-05-23_74b1775c2f939faf645592a07ae40238_virlock
-
Size
276KB
-
Sample
240523-jr4d5aab2z
-
MD5
74b1775c2f939faf645592a07ae40238
-
SHA1
6508de8014933d492da53f86cc1dfb5985747715
-
SHA256
df6c59166b0a316b2a4c9d8a88f6db2d13ed5b4eae47da77f980c00b3636ca8d
-
SHA512
cccab3bdb8c96a4598302cdd8c58d41c34fac2c22833f949a0bf408cd81077f84d6b442b6c9379fad581605b60ab15e26f950b9fe72ea206a53baf07e6d780ca
-
SSDEEP
6144:4HPnOrggx8WB7vYCCF5l4f8hgNozgXGWuSE68Qf0HgY+3ASP8kjuCd3Cd:WPnygU8WBHCF5l4iaodWuSZ10AUSElgW
Malware Config
Targets
-
-
Target
2024-05-23_74b1775c2f939faf645592a07ae40238_virlock
-
Size
276KB
-
MD5
74b1775c2f939faf645592a07ae40238
-
SHA1
6508de8014933d492da53f86cc1dfb5985747715
-
SHA256
df6c59166b0a316b2a4c9d8a88f6db2d13ed5b4eae47da77f980c00b3636ca8d
-
SHA512
cccab3bdb8c96a4598302cdd8c58d41c34fac2c22833f949a0bf408cd81077f84d6b442b6c9379fad581605b60ab15e26f950b9fe72ea206a53baf07e6d780ca
-
SSDEEP
6144:4HPnOrggx8WB7vYCCF5l4f8hgNozgXGWuSE68Qf0HgY+3ASP8kjuCd3Cd:WPnygU8WBHCF5l4iaodWuSZ10AUSElgW
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (53) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1