General

  • Target

    2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock

  • Size

    117KB

  • Sample

    240612-nng4yashlb

  • MD5

    1ec01bb7da942cc1d3962fd0a62d3ef0

  • SHA1

    0360a9c353c52d25d1c074bcd4871fa565d319fd

  • SHA256

    b4e1dfb37cdbecc2eb7e0dfb3fed86ae61df2f7b49d959c7436a113f45ffdb0f

  • SHA512

    907563ffaed2ea9ac821725ba5706bebd7758be4a4080876732653d422c0a899139f40891dd8a5eb1fb4534bed114976bdcdec434740e04085f07b2732717e0e

  • SSDEEP

    3072:i3gpmUE0e0ruOMOpgpEf+I84mXzWLJiT6n1idva3Ceka3vuggggggggg:YgcUkOMOpgg+vOiTsyvde

Malware Config

Targets

    • Target

      2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock

    • Size

      117KB

    • MD5

      1ec01bb7da942cc1d3962fd0a62d3ef0

    • SHA1

      0360a9c353c52d25d1c074bcd4871fa565d319fd

    • SHA256

      b4e1dfb37cdbecc2eb7e0dfb3fed86ae61df2f7b49d959c7436a113f45ffdb0f

    • SHA512

      907563ffaed2ea9ac821725ba5706bebd7758be4a4080876732653d422c0a899139f40891dd8a5eb1fb4534bed114976bdcdec434740e04085f07b2732717e0e

    • SSDEEP

      3072:i3gpmUE0e0ruOMOpgpEf+I84mXzWLJiT6n1idva3Ceka3vuggggggggg:YgcUkOMOpgg+vOiTsyvde

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks