General

  • Target

    2024-10-21_1be1108c686fccbdbebcc8c7c069d75a_virlock

  • Size

    721KB

  • Sample

    241021-a28xxs1flr

  • MD5

    1be1108c686fccbdbebcc8c7c069d75a

  • SHA1

    1c4c98ea727b5ad7ebb2395cd0d121a52632f2ef

  • SHA256

    bc114cfc7a267585233b1fa18303f6c37b9331d80454a43c6fea145cd2cb2880

  • SHA512

    cd1c1dcfd6231ae139e8882ea54131bc96ccb8c1621d01ba078788d4e0000d1df512761f506be7451a1fd425f205b67c5d9ad9d0e9c7437ae65984c6a7d8f5fa

  • SSDEEP

    3072:Axt7KvD2HC97Tuy4+VWo3wJ/LQp/cJ8AaTam5P4Z:Ms2H+uy4EW6Q2/u8Aw5Q

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks