General
-
Target
2024-05-24_dc4229425e844f005b38928831df7b58_virlock
-
Size
193KB
-
Sample
240524-rpcgmahc39
-
MD5
dc4229425e844f005b38928831df7b58
-
SHA1
8a5b8c851a37bea0e0f1e224ae7b630ea29e80b5
-
SHA256
6d8e7697a09363ecf9150887fc5a2084ba84f9fa0600b9ce269323ce5462b61a
-
SHA512
bdce3cc1ddeb3ef3ba9439c2b41369c59715593f8ef41f537098a49a5e8ea9f9175478390d6558d876b7ff8a84b22ec6dce89613c2bd5337fc14517bb3f592b2
-
SSDEEP
6144:zA7Eud7wrDlqjRqHSjU48Lngok43fETVa4y:kd7sxYTqnXchy
Malware Config
Targets
-
-
Target
2024-05-24_dc4229425e844f005b38928831df7b58_virlock
-
Size
193KB
-
MD5
dc4229425e844f005b38928831df7b58
-
SHA1
8a5b8c851a37bea0e0f1e224ae7b630ea29e80b5
-
SHA256
6d8e7697a09363ecf9150887fc5a2084ba84f9fa0600b9ce269323ce5462b61a
-
SHA512
bdce3cc1ddeb3ef3ba9439c2b41369c59715593f8ef41f537098a49a5e8ea9f9175478390d6558d876b7ff8a84b22ec6dce89613c2bd5337fc14517bb3f592b2
-
SSDEEP
6144:zA7Eud7wrDlqjRqHSjU48Lngok43fETVa4y:kd7sxYTqnXchy
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (53) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1