General

  • Target

    2024-10-06_df6880ab807ea16c3535ed77ba2a0962_virlock

  • Size

    254KB

  • Sample

    241006-hkypmayfrb

  • MD5

    df6880ab807ea16c3535ed77ba2a0962

  • SHA1

    18d38f387f721458f525c8b887b7ed98af754bed

  • SHA256

    d7d1b9d40367112eb66e1912cc652f321416c616e73f6c59e3b91ef8ed8388fd

  • SHA512

    38aa51c2f98b1f72bffd1f04d4aad2fbc61e240c8179ea54adfb81f8acfe04dfb0c8dc39ac2034d6fae6f598e2356c0bbb2d7699a4f8a25666b0dfb550d37584

  • SSDEEP

    6144:9ZdpHfvbXaYl5CLMZjtm9MvzCOyfhiwWS:9Zm+qAUEG

Malware Config

Targets

    • Target

      2024-10-06_df6880ab807ea16c3535ed77ba2a0962_virlock

    • Size

      254KB

    • MD5

      df6880ab807ea16c3535ed77ba2a0962

    • SHA1

      18d38f387f721458f525c8b887b7ed98af754bed

    • SHA256

      d7d1b9d40367112eb66e1912cc652f321416c616e73f6c59e3b91ef8ed8388fd

    • SHA512

      38aa51c2f98b1f72bffd1f04d4aad2fbc61e240c8179ea54adfb81f8acfe04dfb0c8dc39ac2034d6fae6f598e2356c0bbb2d7699a4f8a25666b0dfb550d37584

    • SSDEEP

      6144:9ZdpHfvbXaYl5CLMZjtm9MvzCOyfhiwWS:9Zm+qAUEG

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Adds Run key to start application

    • Drops file in System32 directory
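
    The behaviour signatures above are derived from the sandbox's registry and file-system event trace. The script below is an added example (not part of the Triage report, and not how Triage implements its rules) that replays a constructed event trace through detection logic for the registry and file-system signatures: HideFileExt set to 1 under Explorer\Advanced, a value written under CurrentVersion\Run, a read of Control Panel\International\Geo\Nation as the country-code check, a write under C:\Windows\System32, and a count of renames where the new name is the old name plus one extra extension. The event tuples, the registry paths and the rename threshold of 5 are assumptions for illustration; the report's own threshold is not published. UAC bypass, dropped-EXE execution and browser-data reads are not modelled.

```python
"""Replay of sandbox-style behaviour signatures over a constructed event trace.

Added example; the events, registry paths and threshold are assumptions,
not data taken from the report.
"""

# Assumed cut-off for the "renames multiple files" signature.
RENAME_THRESHOLD = 5

# Registry / path fragments compared case-insensitively (assumed locations).
HIDEFILEEXT = "\\software\\microsoft\\windows\\currentversion\\explorer\\advanced\\hidefileext"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
GEO_NATION = "\\control panel\\international\\geo\\nation"
SYSTEM32 = "c:\\windows\\system32\\"

SIG_HIDEEXT = "Modifies visibility of file extensions in Explorer"
SIG_RUNKEY = "Adds Run key to start application"
SIG_GEO = "Checks computer location settings"
SIG_SYSTEM32 = "Drops file in System32 directory"
SIG_RENAME = "Renames multiple files with added filename extension"


def has_added_extension(old: str, new: str) -> bool:
    """True when `new` is `old` with exactly one extra '.ext' appended.

    A rename that replaces the extension (a.txt -> a.locked) does not count;
    neither does a suffix containing a second dot or a path separator.
    """
    if not new.startswith(old):
        return False
    suffix = new[len(old):]
    return (len(suffix) > 1 and suffix[0] == "."
            and "." not in suffix[1:]
            and "\\" not in suffix and "/" not in suffix)


def evaluate(events, rename_threshold=RENAME_THRESHOLD):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    hits = {}
    renamed = []
    for ev in events:
        kind = ev[0]
        if kind == "reg_write":
            _, path, value = ev
            p = path.lower()
            # HideFileExt = 1 hides extensions in Explorer, which masks an appended ".exe".
            if p.endswith(HIDEFILEEXT) and value == 1:
                hits.setdefault(SIG_HIDEEXT, []).append(path)
            elif RUN_KEY in p:
                hits.setdefault(SIG_RUNKEY, []).append(f"{path} = {value}")
        elif kind == "reg_read":
            _, path = ev
            if path.lower().endswith(GEO_NATION):
                hits.setdefault(SIG_GEO, []).append(path)
        elif kind == "file_write":
            _, path = ev
            if path.lower().startswith(SYSTEM32):
                hits.setdefault(SIG_SYSTEM32, []).append(path)
        elif kind == "file_rename":
            _, old, new = ev
            if has_added_extension(old, new):
                renamed.append(new)
    # Mass-rename only fires once the count crosses the threshold.
    if len(renamed) >= rename_threshold:
        hits[SIG_RENAME] = renamed
    return hits


# Constructed event trace (not captured from the sample).
_DOCS = ["report.docx", "budget.xlsx", "notes.txt", "photo.jpg",
         "deck.pptx", "scan.pdf", "memo.rtf", "data.csv"]
_DOCDIR = "C:\\Users\\victim\\Documents\\"
EVENTS = [
    ("reg_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt", 1),
    ("reg_read", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("reg_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate",
     "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"),
    ("file_write", "C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"),   # user profile: no hit
    ("file_write", "C:\\Windows\\System32\\lsass32.dat"),
    ("file_rename", "C:\\Users\\victim\\Desktop\\old.txt",
     "C:\\Users\\victim\\Desktop\\old.locked"),                            # replaced, not added
] + [("file_rename", _DOCDIR + name, _DOCDIR + name + ".exe") for name in _DOCS]


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"{name} ({len(evidence)})")
        for item in evidence[:3]:
            print("   ", item)
```

    The rename rule is deliberately strict about "added": a ransomware family that swaps the extension rather than appending one would need a different predicate, and the threshold should be tuned against benign installers, which also rename files in bulk.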

MITRE ATT&CK Enterprise v15

Tasks