General

  • Target

    2024-06-12_a33f8ea7857dd6eb763a1a275efe4f6d_virlock

  • Size

    117KB

  • Sample

    240612-sgqjyszapf

  • MD5

    a33f8ea7857dd6eb763a1a275efe4f6d

  • SHA1

    06d0912d8db3cb1f1b38ae2f510d001b56cb5597

  • SHA256

    a2f617fb0e1866cb0d4e2e9386f9facddee8f6cabee08c22c316ec8b15962420

  • SHA512

    eefae5a23cba2f302865467799f918feb3b5e55ab6afe999e63406e990ca80dff87ac3272d302c5f1192d410fd4dab2ad671da4eef73ea0a019396293fd844eb

  • SSDEEP

    3072:J846BUO6UI7VKdgfuxMJ6n4pQJ6y/R5OEL:J52IIT6JE4K77

Malware Config

Targets

    • Target

      2024-06-12_a33f8ea7857dd6eb763a1a275efe4f6d_virlock

    • Size

      117KB

    • MD5

      a33f8ea7857dd6eb763a1a275efe4f6d

    • SHA1

      06d0912d8db3cb1f1b38ae2f510d001b56cb5597

    • SHA256

      a2f617fb0e1866cb0d4e2e9386f9facddee8f6cabee08c22c316ec8b15962420

    • SHA512

      eefae5a23cba2f302865467799f918feb3b5e55ab6afe999e63406e990ca80dff87ac3272d302c5f1192d410fd4dab2ad671da4eef73ea0a019396293fd844eb

    • SSDEEP

      3072:J846BUO6UI7VKdgfuxMJ6n4pQJ6y/R5OEL:J52IIT6JE4K77

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (80) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks