General
-
Target
2024-09-20_4b2f4bc00a3c765493ec22cc684a2af0_virlock
-
Size
4.8MB
-
Sample
240920-e3qvysycqa
-
MD5
4b2f4bc00a3c765493ec22cc684a2af0
-
SHA1
3f10208d346f9b4fe97e52bbcd4b5e9b46115439
-
SHA256
dc547dcdfd7abbcee0d93840fb8583b3b05c349396a4f5a75452ee26b3ed339f
-
SHA512
f4b6f8705a4d032232f0b742be5bf24dd65ec922c6568deb5c2d7443cf1da17550dd8d15033fa71ddf74dd1a0e81c2aab71598a4dc39679e8b359da18eead1f4
-
SSDEEP
98304:ct+BesWitHpiOBelt1Y+OscAQugMDsuvyFzudYLdp+y:cQBbxtJFe1YdtDMVhK+y
Malware Config
Targets
-
-
Target
2024-09-20_4b2f4bc00a3c765493ec22cc684a2af0_virlock
-
Size
4.8MB
-
MD5
4b2f4bc00a3c765493ec22cc684a2af0
-
SHA1
3f10208d346f9b4fe97e52bbcd4b5e9b46115439
-
SHA256
dc547dcdfd7abbcee0d93840fb8583b3b05c349396a4f5a75452ee26b3ed339f
-
SHA512
f4b6f8705a4d032232f0b742be5bf24dd65ec922c6568deb5c2d7443cf1da17550dd8d15033fa71ddf74dd1a0e81c2aab71598a4dc39679e8b359da18eead1f4
-
SSDEEP
98304:ct+BesWitHpiOBelt1Y+OscAQugMDsuvyFzudYLdp+y:cQBbxtJFe1YdtDMVhK+y
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4