General

  • Target

    2024-10-06_c2470745ec79b710d16278164e2076e9_virlock

  • Size

    335KB

  • Sample

    241006-kdbbvszgnb

  • MD5

    c2470745ec79b710d16278164e2076e9

  • SHA1

    fffa9058ed92deb3dda94e0d015468e5c3972172

  • SHA256

    4e27bd70a8c4236eb76563669b1ffa0453fc7a7d8f0dbe64109a8dadde80fc45

  • SHA512

    48572696e75fb06a5ecad9ec6bb63e7009b50206dfbd5fe269b02fc37ccc6d9fef065df210526582fb04b127c5f598ca9f117d763ffa05fb8f14a9ad03e2dab7

  • SSDEEP

    6144:T4FcDAltRVOWXgKBlHID2OmHqh7laQS1/jjL6Hq+t+268WzPbE7nSM5Ay0OkjYwY:CcDAfRQWXgKBlHID2OmHqh7laQS1/jjM

Targets

    • Target

      2024-10-06_c2470745ec79b710d16278164e2076e9_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (64) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15