General

  • Target

    2024-10-20_ff4707b087014ff174edfb4acff59b6a_virlock

  • Size

    592KB

  • Sample

    241020-z7swbs1bqe

  • MD5

    ff4707b087014ff174edfb4acff59b6a

  • SHA1

    2851809f92574f7876d2db6a6b0353f8e838b3b6

  • SHA256

    a4a1933dbd14e18681c8bd6b1b289a1ab4b06cac08ad80f4e72ff715bb029194

  • SHA512

    960a419ea996cf5d8ac297a161392090a78085510b3c6f458d363f89ca9da2aa587222e85578f75f1373c6047aa674db1c2608ce72bc1f81a1155127bc24f2d1

  • SSDEEP

    12288:pbZeZxFpXJqxzfcpQK8RzSoYfGjkQ5gdQj4P:GZrQzsR8RqzQGXP

Malware Config

Targets

    • Target

      2024-10-20_ff4707b087014ff174edfb4acff59b6a_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks