General
Target: 20240824c79b9cd94a4617449fa988373af34d4fvirlock
Size: 212KB
Sample: 240824-ncwsysyfrq
MD5: c79b9cd94a4617449fa988373af34d4f
SHA1: b07077f4e92b84d1dead325c2d19614997efe9cd
SHA256: a8ed9414bac186c2e40ec9d3a07c2df7ca7fc75796ed0d73cf15347f03f16858
SHA512: 60c0611ed999d018364d8cbbb43c014c39be46e00139ece2f19cfc75fd1eb764f884ce1d106fd9113e1c8e2b9c085050d94a7934850ac37fac09a528b38a8728
SSDEEP: 6144:CKxMxAAcdBkIo9moWqTjBkNXHPQnVnBVULXi6BH9mvkiX2/AgT:CKxMiAj9Pqld5im/9
Static task: static1
Behavioral task: behavioral1
  Sample: 20240824c79b9cd94a4617449fa988373af34d4fvirlock.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 20240824c79b9cd94a4617449fa988373af34d4fvirlock.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 20240824c79b9cd94a4617449fa988373af34d4fvirlock
- Modifies visibility of file extensions in Explorer
- Renames multiple (65) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)