General

  • Target

    2024-06-08_31e335ae276174f3ebd6bc5a0e31c372_virlock

  • Size

    788KB

  • Sample

    240608-m6kr4sbh67

  • MD5

    31e335ae276174f3ebd6bc5a0e31c372

  • SHA1

    0576caf6c842ca2020b3b60537d9003df66a708a

  • SHA256

    f7c1d35530e5959c695e2138faeadf4bc3da8744d1c37cee0f9602b37a3e80fd

  • SHA512

    85d35c92434fa13d6938e6366c92b74bfaf583d93ec71730983f31b13ee8f661275914f22abf1d79ab54d28cd703a5e72ffb0dcdc938a29916e9b3182cea625b

  • SSDEEP

    12288:T5aGoupHgfH1fMvKkwxCt3m5FH/nPGl6QLy7Bju60xgrIvvOp8tLQ1YpH9hyo:V9pS1vkVG/nAul048tc1Ydt

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks