General

  • Target

    2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock

  • Size

    154KB

  • Sample

    240608-nzyaascc54

  • MD5

    cd532e65e7fdbd2e63fb518a517df663

  • SHA1

    289499a10d3ba63dfe696488e27e0714965f7226

  • SHA256

    a45601417ce50418400fd88b1a3f8282271c4e9e3f4c1948362296333b1f5fdb

  • SHA512

    237a64ab6581032132c86f4702179c29b94c9c6486116f657fe4760d536fc47ab5427f7de0648057ea97ad2a72112d8c73a9f8bde8057f9b32c28a0c47f2f559

  • SSDEEP

    3072:ZgexCrI7E6KAuqnHRMmh4tSPdOW7lydClfeDoxXb6TzA0zPZYgJo8z6L2gej:6exB7EpAct4cW7lydN8x+3Nbz/

Malware Config

Targets

    • Target

      2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock

    • Size

      154KB

    • MD5

      cd532e65e7fdbd2e63fb518a517df663

    • SHA1

      289499a10d3ba63dfe696488e27e0714965f7226

    • SHA256

      a45601417ce50418400fd88b1a3f8282271c4e9e3f4c1948362296333b1f5fdb

    • SHA512

      237a64ab6581032132c86f4702179c29b94c9c6486116f657fe4760d536fc47ab5427f7de0648057ea97ad2a72112d8c73a9f8bde8057f9b32c28a0c47f2f559

    • SSDEEP

      3072:ZgexCrI7E6KAuqnHRMmh4tSPdOW7lydClfeDoxXb6TzA0zPZYgJo8z6L2gej:6exB7EpAct4cW7lydN8x+3Nbz/

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (58) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks