General

  • Target

    2024-10-19_42de2729a8457deb93859902fccecf16_virlock

  • Size

    662KB

  • Sample

    241019-2w6zxswdql

  • MD5

    42de2729a8457deb93859902fccecf16

  • SHA1

    3ee4cb7c3b16b1cb53822d0a0261e1cbe5bdcc3e

  • SHA256

    d877d424e6836255f8c4ad38414f94e74de49d270f0c6d6dd49b4f0e3a0aff0d

  • SHA512

    1e69d430498386b71725d8de6007e792762823398cde96b8c4b5ea378b5d818ff478ad6b6bfff8dee1631e3c48fcd9d6abd025d21b9f54f5c8cd67ea087d550a

  • SSDEEP

    12288:kyCBjIpp9pHtIajwR0jquCC8XNZ7ituJvF/vviAa6If1qAoVKi5nnwHcm0Y/RVnN:nCBjIpp9pHaajw0quCCSVZF/vtHIdeKN

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (82) files with added filename extension

      Renaming many files with a new extension is consistent with ransomware encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory
