General

  • Target

    2024-10-06_6dee7bdadf3e631c26460dde8e8d13fc_virlock

  • Size

    342KB

  • Sample

    241006-kar57szgje

  • MD5

    6dee7bdadf3e631c26460dde8e8d13fc

  • SHA1

    a5f86014850b994dddd9c92ade4e83d2db5337b5

  • SHA256

    a3a65456cac82aef1d06112ebe9382fbc5e5d0ba001a53b25d5469dcce707049

  • SHA512

    f0d2fe85e00df8f7855d4eb5b410726903c8e5db7c4edf51f19c9dae76db77dc0a0ea7bd072915561c579bee0fcdc8c957552798bac8a216232c7e136bd81b7a

  • SSDEEP

    6144:CZO5EZS+hC8WhPjDXnVu6NPZZLkmCxDr2p4:CZOKZWJPDfZAbtR

Targets

  • Modifies visibility of file extensions in Explorer

  • UAC bypass

  • Renames multiple (84) files with added filename extension

    This suggests ransomware activity: encrypting the files on the system.

  • Checks computer location settings

    Looks up the country code configured in the registry, likely as a geofence check.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Adds Run key to start application

  • Drops file in System32 directory
