General

  • Target

    2024-10-25_8e782cac58f71030697e645c49f55665_virlock

  • Size

    238KB

  • Sample

    241025-zg7xkawbkm

  • MD5

    8e782cac58f71030697e645c49f55665

  • SHA1

    3af0b4b6152a90cb41d88da9cdacbc253189ea9d

  • SHA256

    5fa9eaf2cc08ff4f5fb05bff941e0b2b170c008b3a11f1ea0975423ef7c5f37f

  • SHA512

    d3af506538ad7cc1745dde8e8f28f640487888ca0d55cfde3fee789728a3e9055714e967c3719c00a350adeabad88f0ab600acd604cd1406a117ff9c993e3fab

  • SSDEEP

    6144:wm+HHwkXD+IxNyv3VxKLweJoUYN66n9bCo4uoGPctjwdWnqMGy9ZkW:wm62IxNcgLweQ66lrAwd1tyEW

Targets

    • Target

      2024-10-25_8e782cac58f71030697e645c49f55665_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application
