General

  • Target

    2024-08-26_0d0d6648016525daf17e9f8a0d1367c9_virlock

  • Size

    564KB

  • Sample

    240826-a5sp4sxajm

  • MD5

    0d0d6648016525daf17e9f8a0d1367c9

  • SHA1

    bfeb2e122b7c81b22711b090b25edf174176602e

  • SHA256

    0608f6e317cb1b0de3c8c4020ff589e885e9c27adf25574747390b64696a2c9e

  • SHA512

    024bec6c10ac6c95f01e36e0389dc0a4daf020297a4a2ab7842b477e9e24187fbd01a6e2ece875bf463fd18c0a4f3aba218d0fa9c3dbdeb08e59b89fb97258ab

  • SSDEEP

    12288:UkSrlR7qdx2LvMiGxHUlTVQ9xBVRyd7L:FSBpqdx2LWHUlTqBK1L

Targets

    • Target

      2024-08-26_0d0d6648016525daf17e9f8a0d1367c9_virlock

    • Modifies visibility of file extensions in Explorer

      Writes the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. With extensions hidden, a renamed executable passes for a document in Explorer.

    • UAC bypass

    • Renames multiple (92) files with added filename extension

      Appending an extension to many user files in bulk is the typical trace of ransomware encrypting files across the system.

    • Checks computer location settings

      Reads the country code (GeoID) configured in the registry, most likely to geofence execution by region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which includes saved credentials and cookies.

    • Adds Run key to start application

      Persistence: a value under ...\CurrentVersion\Run starts the payload again at each logon.
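
The signatures above are derived from raw sandbox events (registry writes, file renames, process starts). The following is an added example, not tria.ge's own code, showing how such a signature list can be re-derived from an event stream. The event tuples, process names and file names are constructed for the illustration; only the registry and browser-profile paths are the real Windows locations. The UAC indicator it checks (hijacked mscfile / ms-settings handlers) is one common technique, and the report does not say which technique this sample used.

```python
"""Re-deriving sandbox behaviour signatures from an event stream.

Added example, not tria.ge's own code. The event tuples, process and file
names are constructed for this illustration; only the registry and
browser-profile paths are the real Windows locations they refer to.
"""
import re

# Constructed event log: (event_type, path, value). For file_rename the
# value is the new path; for reg_write it is the data written.
EVENTS = [
    ("file_write",  r"C:\Users\user\AppData\Roaming\svch0st.exe", ""),
    ("file_write",  r"C:\Users\user\AppData\Roaming\helper.dll", ""),
    ("proc_create", r"C:\Users\user\AppData\Roaming\svch0st.exe", ""),
    ("image_load",  r"C:\Users\user\AppData\Roaming\helper.dll", ""),
    ("reg_write",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"),
    ("reg_write",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svch0st",
                    r"C:\Users\user\AppData\Roaming\svch0st.exe"),
    ("reg_write",   r"HKCU\Software\Classes\mscfile\shell\open\command",
                    r"C:\Users\user\AppData\Roaming\svch0st.exe"),
    ("reg_read",    r"HKCU\Control Panel\International\Geo\Nation", "244"),
    ("file_read",   r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", ""),
] + [
    # 25 constructed bulk renames of the form <old> -> <old>.exe
    ("file_rename", rf"C:\Users\user\Documents\doc{i}.docx",
                    rf"C:\Users\user\Documents\doc{i}.docx.exe")
    for i in range(25)
]

HIDE_EXT   = re.compile(r"\\Explorer\\Advanced\\HideFileExt$", re.I)
RUN_KEY    = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# ProgID handlers hijacked by the well-known eventvwr.exe (mscfile) and
# fodhelper.exe (ms-settings) auto-elevation abuses. The report does not say
# which technique this sample used; this is one indicator among several.
UAC_HIJACK = re.compile(r"\\Software\\Classes\\(mscfile|ms-settings)\\shell\\open\\command$", re.I)
BROWSER_DB = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|places\.sqlite)$", re.I)


def signatures(events, rename_threshold=20):
    """Return {signature_name: evidence} for the given event stream."""
    hits = {}
    dropped = set()   # paths the sample wrote to disk, lower-cased
    renamed = 0       # renames of the form old -> old + ".<ext>"
    for etype, path, value in events:
        p = path.lower()
        if etype == "file_write":
            dropped.add(p)
        elif etype == "proc_create" and p in dropped:
            hits["executes_dropped_exe"] = path
        elif etype == "image_load" and p in dropped:
            hits["loads_dropped_dll"] = path
        elif etype == "reg_write":
            if HIDE_EXT.search(path):
                hits["modifies_file_ext_visibility"] = f"HideFileExt = {value}"
            elif RUN_KEY.search(path):
                hits["adds_run_key"] = f"{path} = {value}"
            elif UAC_HIJACK.search(path):
                hits["uac_bypass_indicator"] = path
        elif etype == "reg_read" and GEO_NATION.search(path):
            hits["checks_location"] = f"GeoID {value}"
        elif etype == "file_read" and BROWSER_DB.search(path):
            hits["reads_browser_data"] = path
        elif etype == "file_rename" and value.lower().startswith(p + "."):
            renamed += 1
    # A handful of renames is normal; only a bulk run looks like encryption.
    if renamed >= rename_threshold:
        hits["renames_with_added_extension"] = renamed
    return hits


if __name__ == "__main__":
    for name, evidence in signatures(EVENTS).items():
        print(f"{name}: {evidence}")
```

The rename rule is the one that carries most of the ransomware verdict, so its threshold is a parameter: the same stream evaluated with a higher threshold no longer raises it, which is why a sandbox reports the count (92 here) rather than just a flag. The dropped-file tracking is what turns a plain process start into "Executes dropped EXE": the evidence is the earlier file_write to the same path, not the process name.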
