General

  • Target

    2024-10-16_871695fdef1bd8462baa1fcf55ce78ba_virlock

  • Size

    195KB

  • Sample

    241016-t9n29szerd

  • MD5

    871695fdef1bd8462baa1fcf55ce78ba

  • SHA1

    6880c724f410aab75c811ee5ed2da1d01c893364

  • SHA256

    d73489f8ab6317abf9fd463f4c1416468ef3c6102c987feab306a1f7b2472057

  • SHA512

    127a52cf9198f1d13506825dcaa0910e45845d9c57cb2a5950e7e27200c45df3dd679e84a503782d016006944c989e2a33af6bc4cfa69eaff0ecc10c8e3c5650

  • SSDEEP

    3072:z+j3qyp1GEu8jbL1Ez9vyhgN4JwtkSeUUnNOs77XI/vY1EjTysV:3cQhSbhCZNNHkP4nY1EjhV

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory
