
General

  • Target

    2024-10-20_3ce5860a71270ac8e0710851fb649735_virlock

  • Size

    345KB

  • Sample

    241020-z7apra1bnh

  • MD5

    3ce5860a71270ac8e0710851fb649735

  • SHA1

    9f2ea853bdaaef54c3050728bf2952c5e5a21b69

  • SHA256

    6b7c23e6bd017b5767293816a0f2ab3f131e689778774b2acb506bde1b59df86

  • SHA512

    3ed1e73b01beaed9f41be3afbb53f0a45b59a7e6898eb7a171d662dc52fd1ce740adef385054e9fe1753fc83c1422a23e2d929d7eb48cbe438e91cfda2d7da4e

  • SSDEEP

    6144:GGAtXrUyRZFT6dfj/4JBy009aYGuzzYeBlLECnD:GzLRZ2qy1vzNnD

Malware Config

Targets

    • Target

      2024-10-20_3ce5860a71270ac8e0710851fb649735_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (87) files with an added filename extension

      Appending a new extension to many existing files is characteristic of ransomware encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution by region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops file in System32 directory
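The behaviour list above is what the sandbox observed; on a suspect host an analyst wants a quick check for the same artifact classes. The script below is an added example and is not part of the Triage report or its tooling. The registry paths are the standard Windows locations for Explorer's HideFileExt setting, the Run keys and the configured GeoID; the double-extension heuristic, the ten-hour/recent-write window and the document-extension list are assumptions chosen for illustration, not the sandbox's own signatures. Run it in an elevated PowerShell session on the host being examined.

```powershell
# Added host-triage example (not from the Triage report or its tooling).
# Checks a live Windows host for the artifact classes named in the report's
# behaviour list. Heuristics (double-extension count, recent System32 writes)
# are assumptions, not the sandbox's signatures.

param(
    [string]$ScanRoot = $env:USERPROFILE,   # where to look for renamed files
    [int]$RecentHours = 24                   # window for "recently dropped" files
)

$findings = @()

# 1. "Modifies visibility of file extensions in Explorer":
#    HideFileExt = 1 hides known extensions, so a double extension such as
#    report.docx.<ext> displays as the original document name.
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
if ($adv -and $adv.HideFileExt -eq 1) {
    $findings += 'Explorer is configured to hide file extensions (HideFileExt=1)'
}

# 2. "Adds Run key to start application": list every Run entry so paths outside
#    Program Files / Windows stand out for review.
foreach ($hive in 'HKCU','HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') {   # skip PSPath/PSParentPath metadata
                $findings += "Run entry [$hive] $($p.Name) = $($p.Value)"
            }
        }
    }
}

# 3. "Checks computer location settings": the GeoID value a geofence check reads.
#    (Assumption: the signature refers to HKCU\Control Panel\International\Geo\Nation.)
$geo = Get-ItemProperty 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) { $findings += "Configured GeoID (Nation) = $($geo.Nation)" }

# 4. "Renames multiple files with added filename extension": count files whose
#    name still carries a document extension followed by a second, appended one.
#    (Assumption: the extension list below is illustrative.)
$docExt  = 'doc','docx','xls','xlsx','ppt','pptx','pdf','jpg','png','txt'
$pattern = '\.(' + ($docExt -join '|') + ')\.[^.\\]+$'
$renamed = Get-ChildItem -Path $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
           Where-Object { $_.Name -match $pattern }
if ($renamed.Count -gt 0) {
    $findings += "$($renamed.Count) file(s) with an extension appended after a document extension"
    $renamed | Select-Object -First 5 | ForEach-Object { $findings += "  e.g. $($_.FullName)" }
}

# 5. "Drops file in System32 directory": executables and DLLs written recently.
$cutoff = (Get-Date).AddHours(-$RecentHours)
$sys32  = Get-ChildItem -Path "$env:SystemRoot\System32\*" -File -Include *.exe,*.dll -ErrorAction SilentlyContinue |
          Where-Object { $_.LastWriteTime -gt $cutoff }
foreach ($f in $sys32) {
    $findings += "Recent System32 write: $($f.FullName) ($($f.LastWriteTime))"
}

if ($findings.Count -eq 0) { 'No indicators from the report found.' } else { $findings }
```

Each finding is a lead, not a verdict: legitimate software also registers Run entries and Windows servicing writes to System32, so compare the listed paths and timestamps against the sample's execution window before acting on them. The file-count heuristic is what ties the host to the "renames multiple files" behaviour; a sudden spike is the signal, not the presence of a handful of matches.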

MITRE ATT&CK Enterprise v15

Tasks