General

  • Target: 2024-10-25_4d16e483d4678c1ea1ac16a72742a5cd_virlock
  • Size: 160KB
  • Sample: 241025-zcbcssskex
  • MD5: 4d16e483d4678c1ea1ac16a72742a5cd
  • SHA1: 565dd8267201c430c03b60a248ee8090a3ed679c
  • SHA256: 5ee5e28502d007bf4c87baca630e113ca299c3d917c604eecf1c7a088309a3d1
  • SHA512: bd6be3b51c9f06ab0e70d5c9daaa115c412f14bffb51bb77a738e5f91c822f06e954f01f447ef16f586feabee44a5d608e3ec474c3c10ed04ce57426f81d9d61
  • SSDEEP: 3072:M2z5CaJrC9lFiePhsQN1c/JRCZf0iQidwF4wR7MJjhwvh3eDD0WyJT99wVUKi5kr:/zTaFZsuc/JwZ8ipdw/ehWuDhm1Ki5

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (87) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks