General

  • Target

    2024-06-12_d43e5d551c06cf4e8399f35aab2bd949_virlock

  • Size

    121KB

  • Sample

    240612-sheh3stbmr

  • MD5

    d43e5d551c06cf4e8399f35aab2bd949

  • SHA1

    e8a55c30500e9339e48407c5e216b3f0895f4efa

  • SHA256

    043092cb12f7ebf12e7ae898a98b1d9c5e18b9e2821c98989db05cd2436bb5da

  • SHA512

    a571f0f934b532b3f70536b0efce27c1bdfb7e13d6cc62b6d354c11f12279bec313c9dda3bee1a9225515db3f0a8c6aec9bb248aef33a5218f78f51973f7844a

  • SSDEEP

    3072:T846BUO6UI7VKdgfuxMJ6n4pQJ6y/R5OELT:752IIT6JE4K77T

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (79) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks