General

  • Target

    2024-10-18_1177cff1c636c509935f1ba17e1fff8a_virlock

  • Size

    894KB

  • Sample

    241018-bth7zayalf

  • MD5

    1177cff1c636c509935f1ba17e1fff8a

  • SHA1

    d952f175a173c0fd615b08bab3d5546cc32c2822

  • SHA256

    c406a1f4eb0c5d5ef40b4592888b6d334f486e1afbc75c967d47d8ff6d38f43f

  • SHA512

    f08e3b697652d50bea9f05eda63cb9ad804db24526b519917c57a69dcc89e504c9836ddf2bce0956b70f63a59d91fb03eb91e1cc541495e5008de9274222f7d4

  • SSDEEP

    24576:SnieOVTCVP3u/b/a3HmS8Y9xczZHtO4Um:DqWDa3GS8MxczZ

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (59) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks