General

  • Target

    2024-10-19_f1b43cad80ad7e5cbed31fd3f828b49c_virlock

  • Size

    347KB

  • Sample

    241019-1mkjws1blf

  • MD5

    f1b43cad80ad7e5cbed31fd3f828b49c

  • SHA1

    b4e5364d1296c00c1e329f7e66f15bc7ec3ce78d

  • SHA256

    ba2a9b99833d0584a4db41b766b526fc7e27c37b3e3c1552e5d957598d725b5f

  • SHA512

    6f9e50251a9594c9edfa1c4449c28d92dd5bf4aaa1d552bae31422e7ab5edff3d5300fea61cd4650c65b407fc1ccb58b51fdeff3f03f5dbcd6187335fc2757e8

  • SSDEEP

    6144:MVLb7+PjyB5+SjKFqOLMeFveBXE7qNqvh:CLb7ajaCqQReiqNY

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (89) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory