General

  • Target

    2024-06-12_950f149950dedc87a7a8ce5845c83628_virlock

  • Size

    119KB

  • Sample

    240612-sgl7jatblp

  • MD5

    950f149950dedc87a7a8ce5845c83628

  • SHA1

    b2294daf22f52d89b5e2b9cae9e8e64f260d9a6a

  • SHA256

    7e2a7cf52462d5c27c68fcbf38c5bfacfa358d1f26b2f1d8d904bdaad2fcd61a

  • SHA512

    f4a035bffd0d4faa96bdf414f115be08311d61f9d05625a8292309d1ad24004e187cda75fbc9dc358d817359df2f11b3d36d5de23ef56ba067e7ec5984981dc8

  • SSDEEP

    3072:EAtlP0D+Ln5ldeXUTj/RR0VADPDRG0DJuzN:EGsD+LnwUTdmODFGoQp

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
