General
-
Target
2024-09-15_b7cb17fcb940e77c79fee15e4562c4d1_virlock
-
Size
654KB
-
Sample
240915-jdetlssdpb
-
MD5
b7cb17fcb940e77c79fee15e4562c4d1
-
SHA1
8cdc17418565653e5f9634a275ca1099e02a9719
-
SHA256
8fd578bc64427ce2a844a5fe098f26eee3ec1d44dd73a75a1306e8a4ae02b215
-
SHA512
d1d9a940fdef2f894125af598de174bbd88d3b143d932390b7607a1269191c65ad52f8caf18932b69e80fc0085f213c97f00501c83d35e272593a811a0cee1eb
-
SSDEEP
12288:IDneya5U+8EYPY9nWVFUv/1Ad8Tv5FFMrVKFGNCpsWncav6KB75wi+:ITVA8Bj8/1JT/2NCSicav6KB7P+
Malware Config
Targets
-
-
Target
2024-09-15_b7cb17fcb940e77c79fee15e4562c4d1_virlock
-
Size
654KB
-
MD5
b7cb17fcb940e77c79fee15e4562c4d1
-
SHA1
8cdc17418565653e5f9634a275ca1099e02a9719
-
SHA256
8fd578bc64427ce2a844a5fe098f26eee3ec1d44dd73a75a1306e8a4ae02b215
-
SHA512
d1d9a940fdef2f894125af598de174bbd88d3b143d932390b7607a1269191c65ad52f8caf18932b69e80fc0085f213c97f00501c83d35e272593a811a0cee1eb
-
SSDEEP
12288:IDneya5U+8EYPY9nWVFUv/1Ad8Tv5FFMrVKFGNCpsWncav6KB75wi+:ITVA8Bj8/1JT/2NCSicav6KB7P+
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (64) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4