General

  • Target

    2024-09-21_45a8f1d820c3403dde271c0faa694568_virlock

  • Size

    643KB

  • Sample

    240921-tw61xs1gra

  • MD5

    45a8f1d820c3403dde271c0faa694568

  • SHA1

    3b5a221985b10b5c5a0146cb146dc930bb794172

  • SHA256

    bc0101a5c611d08324e25345c5d046459044793f1e7248806a2eea685b875486

  • SHA512

    94a394550981ddad17713a421463a36e13653d8abd172ec846fc4d6cae37fbdfd1ca1dcbfe2083b0040cbea8164af5ad4bdf6587cd5bc9e21e5e0b6b60ffcd4d

  • SSDEEP

    12288:SHLFzllPJ6MjDvdBE3vqlw7C4zovwjCVOHBXpeaTIKrYNx5l9iLf7yDn3:aLbZDPlwG/viCVoXppTIKrwiLfGDn3

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (63) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks