General

  • Target

    2024-10-06_027cf94c64746df9112500e77ca35971_virlock

  • Size

    642KB

  • Sample

    241006-klez1szhnc

  • MD5

    027cf94c64746df9112500e77ca35971

  • SHA1

    2efc8a8660fb1f107c0677e554ba975ff21a4243

  • SHA256

    2652e196189df07679777a2427b9542b75a7b4381ec8b98bd83807bdbdb3bbab

  • SHA512

    eef1684aa5ea398a7fd95fc2d1312cc3e2e67ffa0d921255c47f737c967aa93636f4f14bb16e571030b5836d787d804e2891177d60b4690f66cf5a6471ae2f3b

  • SSDEEP

    12288:u5WV1AHltMx0QxsvuYuDc2hqrtgtAY6BsaBPdlQRBNw6dqOEAuT:GWVywR8pPRBsY4RBNwsqOO

Malware Config

Targets

    • Target

      2024-10-06_027cf94c64746df9112500e77ca35971_virlock

    • Size

      642KB

    • MD5

      027cf94c64746df9112500e77ca35971

    • SHA1

      2efc8a8660fb1f107c0677e554ba975ff21a4243

    • SHA256

      2652e196189df07679777a2427b9542b75a7b4381ec8b98bd83807bdbdb3bbab

    • SHA512

      eef1684aa5ea398a7fd95fc2d1312cc3e2e67ffa0d921255c47f737c967aa93636f4f14bb16e571030b5836d787d804e2891177d60b4690f66cf5a6471ae2f3b

    • SSDEEP

      12288:u5WV1AHltMx0QxsvuYuDc2hqrtgtAY6BsaBPdlQRBNw6dqOEAuT:GWVywR8pPRBsY4RBNwsqOO

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (60) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks