General

  • Target

    2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock

  • Size

    132KB

  • Sample

    240608-mvfzsabh25

  • MD5

    07afcc83de3db7fd8a2f8603ee9d0088

  • SHA1

    1de88d53b1c003a50d8701b33a62facabb733c1e

  • SHA256

    3e2047e4db44f6d834dae004f5cbd7dd337195c6d5ce3473dd065244c1b77181

  • SHA512

    d23fcbd4dc7d33304ceaaaef86c371696b55fb68841fbf75c42b7e3d52a7333fd1eba21aad7a4589065ba39c0ad8a2434053d99a76a3c3c6414a08190980bb87

  • SSDEEP

    3072:GFYOZ9YqKvaZ5FPZmLBllZSBZtYycCiV+I:tOk0FRmLLloZy59V+

Malware Config

Targets

    • Target

      2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock

    • Size

      132KB

    • MD5

      07afcc83de3db7fd8a2f8603ee9d0088

    • SHA1

      1de88d53b1c003a50d8701b33a62facabb733c1e

    • SHA256

      3e2047e4db44f6d834dae004f5cbd7dd337195c6d5ce3473dd065244c1b77181

    • SHA512

      d23fcbd4dc7d33304ceaaaef86c371696b55fb68841fbf75c42b7e3d52a7333fd1eba21aad7a4589065ba39c0ad8a2434053d99a76a3c3c6414a08190980bb87

    • SSDEEP

      3072:GFYOZ9YqKvaZ5FPZmLBllZSBZtYycCiV+I:tOk0FRmLLloZy59V+

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (53) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks