General
-
Target
2024-05-25_4eb3211d423f17958696b1663b1a536b_virlock
-
Size
644KB
-
Sample
240525-hb9ershe42
-
MD5
4eb3211d423f17958696b1663b1a536b
-
SHA1
9bfc387515822d3cb8f96bb2c5822bb5d9c92e11
-
SHA256
ada5cf5952337e6d1933afd4c00b655d7cb7b4ac98e3353baef5b90123ebfc0f
-
SHA512
b048d4308d1f7d8877bceeb6776572de4e686c09122d350b4d56028ed55681f7a5c11d9b4f7e0434abf1867592bee3720215b360c44dc6e8290269c63e1e32d7
-
SSDEEP
12288:GWTFzgLByo3IS+idISfZMYBpm6+q5LdFHxj9O8edVB91RybSyl7SzFbZtr1fQGC6:GWTFwEidIOZMYBpe+J8TVB91RybSyl7E
Malware Config
Targets
-
-
Target
2024-05-25_4eb3211d423f17958696b1663b1a536b_virlock
-
Size
644KB
-
MD5
4eb3211d423f17958696b1663b1a536b
-
SHA1
9bfc387515822d3cb8f96bb2c5822bb5d9c92e11
-
SHA256
ada5cf5952337e6d1933afd4c00b655d7cb7b4ac98e3353baef5b90123ebfc0f
-
SHA512
b048d4308d1f7d8877bceeb6776572de4e686c09122d350b4d56028ed55681f7a5c11d9b4f7e0434abf1867592bee3720215b360c44dc6e8290269c63e1e32d7
-
SSDEEP
12288:GWTFzgLByo3IS+idISfZMYBpm6+q5LdFHxj9O8edVB91RybSyl7SzFbZtr1fQGC6:GWTFwEidIOZMYBpe+J8TVB91RybSyl7E
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (74) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1