General

  • Target

    2024-06-12_126e516039073b34477ea82cf88b22ac_virlock

  • Size

    644KB

  • Sample

    240612-vbge7ssblb

  • MD5

    126e516039073b34477ea82cf88b22ac

  • SHA1

    3ca0a7de64f5154879dc9915d1953a20f1f3d0aa

  • SHA256

    044a841242d18b3002c9c0673b145dcfca9a08c4d5c305549d18091ea4f2eceb

  • SHA512

    0c4544fb497795168712ec35fedaf7c58b1010f83f1f3db87542b0957fbc99f915b06203366d761af54c1986543a12e9e7fe3e9cc09e50ab5b7a510c68e8b8c5

  • SSDEEP

    12288:rTy/ERLOKOWDO3cKTZLLKDxSEVwf28lUKrLe5spY5c5Z4Qp2J0Qrt:6/ERLOKOWcX9LL2gf2QUN5kBVE

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (53) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Drops file in System32 directory
