Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2024-10-21_850c1b830c281317b36092829da882e9_virlock

  • Size

    591KB

  • Sample

    241021-bw7ckstdkl

  • MD5

    850c1b830c281317b36092829da882e9

  • SHA1

    d6ab9d0b32a260bf85b1535a3ba0a4b477f1a42b

  • SHA256

    5d7f329132a3bec31d47e7a87b9a0fc61df5602a872dbcd93ceb8bf341e46ef2

  • SHA512

    9e060f7fbba59893fcc55438b46b9318ec9433aa989ea949874bea529250527dc295a66a9aba92730f1a37cf7aa8ce1d9034969cb78abd55532060124bfffca8

  • SSDEEP

    12288:BKNyV0V4WD9PhoH5HUjBl5ons6mKM9le6QArU:EywPhoZmBlUB+le6s

Malware Config

Targets

    • Target

      2024-10-21_850c1b830c281317b36092829da882e9_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks