General

  • Target

    2024-09-21_ff41c716b0e3eace441f1a03ac00434a_virlock

  • Size

    139KB

  • Sample

    240921-bv1teayfnr

  • MD5

    ff41c716b0e3eace441f1a03ac00434a

  • SHA1

    ad9d8a6c7ad68f33ca6a23cb84a9b255259619a0

  • SHA256

    2b652d70089cfa3bc3e38f60d0b63cbb8602fc56934e0f8f011d4e110eb83453

  • SHA512

    ceac47dde3979f74cb2016f7eeb9592520616c40b63e39762315a3aa9009634edcb68f1781f94a4aebe3db07647197a7ac0eccd19ecda4ebcff01af0246a9df9

  • SSDEEP

    3072:Mo0Qz4z0GJxhvoPOF9zhpx9yUo4yZHaUoxekmQv:mQIT9zLx8UozsVd

Malware Config

Targets

    • Target

      2024-09-21_ff41c716b0e3eace441f1a03ac00434a_virlock

    • Size

      139KB

    • MD5

      ff41c716b0e3eace441f1a03ac00434a

    • SHA1

      ad9d8a6c7ad68f33ca6a23cb84a9b255259619a0

    • SHA256

      2b652d70089cfa3bc3e38f60d0b63cbb8602fc56934e0f8f011d4e110eb83453

    • SHA512

      ceac47dde3979f74cb2016f7eeb9592520616c40b63e39762315a3aa9009634edcb68f1781f94a4aebe3db07647197a7ac0eccd19ecda4ebcff01af0246a9df9

    • SSDEEP

      3072:Mo0Qz4z0GJxhvoPOF9zhpx9yUo4yZHaUoxekmQv:mQIT9zLx8UozsVd

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (84) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.