General
-
Target
2024-05-25_925da9c07a1724eb13f4fb9d1b3e0a87_virlock
-
Size
644KB
-
Sample
240525-hey37she91
-
MD5
925da9c07a1724eb13f4fb9d1b3e0a87
-
SHA1
1fc9fc301f16e80d74df87b0c62d4c77be599b3d
-
SHA256
0b7f5b50256b6a6853c3cc65306414fb23293c09e994f59cced0dab205a23ac5
-
SHA512
4d6dc18a65cc2c3a30df14439b8b506c0ac616e7b1093a523e2825a38de68c1168e74e7ceabe4e685af393c224255d0379e9acbf52279588b20abfc97ba60608
-
SSDEEP
12288:WHrrh1Iu25PHvdcDa14HZtYnQ6KWIV5+fU:EHvgHVYMErYQ6tm+fU
Malware Config
Targets
-
-
Target
2024-05-25_925da9c07a1724eb13f4fb9d1b3e0a87_virlock
-
Size
644KB
-
MD5
925da9c07a1724eb13f4fb9d1b3e0a87
-
SHA1
1fc9fc301f16e80d74df87b0c62d4c77be599b3d
-
SHA256
0b7f5b50256b6a6853c3cc65306414fb23293c09e994f59cced0dab205a23ac5
-
SHA512
4d6dc18a65cc2c3a30df14439b8b506c0ac616e7b1093a523e2825a38de68c1168e74e7ceabe4e685af393c224255d0379e9acbf52279588b20abfc97ba60608
-
SSDEEP
12288:WHrrh1Iu25PHvdcDa14HZtYnQ6KWIV5+fU:EHvgHVYMErYQ6tm+fU
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (61) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1