General

  • Target

    2024-06-04_2973be958734116f9b41b7f2ca07241f_virlock

  • Size

    644KB

  • Sample

    240604-tc7hcacb7t

  • MD5

    2973be958734116f9b41b7f2ca07241f

  • SHA1

    7a77784c268d0710016adb03c649849ac293d572

  • SHA256

    83678d7770d80c502f3a53c2e65f2c20ec7617b1e74257b59f8cd7e72bfabe87

  • SHA512

    745eac9707ed24363866c5f4da8519f760f92604f2427b5e2182b10ee859269f1d220f1f8b33fa0498e3e28df3640d129caddfcb3bb30a693f66fffd9476efd1

  • SSDEEP

    12288:+BxDgjtkPRvVLd3yRUjleSD/xYvvmyi8a9BWVzWV6EBPvx9viXc0pXpDv:kx8jtkPZVLBkU5XJ+vY8ayEtP

Malware Config

Targets

    • Target

      2024-06-04_2973be958734116f9b41b7f2ca07241f_virlock

    • Size

      644KB

    • MD5

      2973be958734116f9b41b7f2ca07241f

    • SHA1

      7a77784c268d0710016adb03c649849ac293d572

    • SHA256

      83678d7770d80c502f3a53c2e65f2c20ec7617b1e74257b59f8cd7e72bfabe87

    • SHA512

      745eac9707ed24363866c5f4da8519f760f92604f2427b5e2182b10ee859269f1d220f1f8b33fa0498e3e28df3640d129caddfcb3bb30a693f66fffd9476efd1

    • SSDEEP

      12288:+BxDgjtkPRvVLd3yRUjleSD/xYvvmyi8a9BWVzWV6EBPvx9viXc0pXpDv:kx8jtkPZVLBkU5XJ+vY8ayEtP

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (55) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks