General

  • Target

    2024-10-25_c195b77f0a549b24a7ea94350254df6c_virlock

  • Size

    211KB

  • Sample

    241025-zkz15avbmg

  • MD5

    c195b77f0a549b24a7ea94350254df6c

  • SHA1

    9c0f21d46693f9faca1731a2fb79627c7e3db927

  • SHA256

    7c8cfbc8e9407a5c9c940881d0ecf07fa183c236e1c5de2547f1a6c826c7197a

  • SHA512

    f8b42a20ae7fc7ebc89bc0cf52147f956c3d7a3afd00b7468fff80c461b0fdfb51519c6dae713171e5a56966f56e96fd26bbf669c40d1890b31db9470152e96b

  • SSDEEP

    3072:+B21+yuuvthQTEBsP9BC/eUzJ2vvTp7G8/175WnMDMuI0NK5JV4CuX3yFKx/TmrG:e21+hTEBOdJ5/MuI9VuX3mqO2Yu
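Before acting on a sandbox report, confirm that the file on disk is really the sample it describes. The following is an added example (not tria.ge code) that computes the four cryptographic digests listed above and compares them with the report's values, streaming the file so large samples are not read into memory at once. SSDEEP is a fuzzy hash, not available in the standard library, and is left out; the report's own SSDEEP is for finding near variants, not for identity.

```python
import hashlib

# Digests published on this report page for sample 241025-zkz15avbmg.
REPORT_HASHES = {
    "md5":    "c195b77f0a549b24a7ea94350254df6c",
    "sha1":   "9c0f21d46693f9faca1731a2fb79627c7e3db927",
    "sha256": "7c8cfbc8e9407a5c9c940881d0ecf07fa183c236e1c5de2547f1a6c826c7197a",
    "sha512": "f8b42a20ae7fc7ebc89bc0cf52147f956c3d7a3afd00b7468fff80c461b0fdfb51519c6dae713171e5a56966f56e96fd26bbf669c40d1890b31db9470152e96b",
}


def digests(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists.
    SSDEEP (fuzzy hash) is not in hashlib and is deliberately omitted."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests(), but streams the file in chunks."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(computed: dict) -> dict:
    """Compare computed digests with the report's and give a verdict.

    "match"      every algorithm agrees: the bytes are the reported sample.
    "no match"   no algorithm agrees: a different file.
    "suspicious" a partial match, which cannot happen for identical bytes.
                 Expect a transcription error in one hash, or a file crafted to
                 collide with the weaker algorithm (MD5 or SHA1). Trust SHA256 or
                 SHA512; never decide on MD5 alone.
    """
    matches = {name: computed[name].lower() == REPORT_HASHES[name]
               for name in REPORT_HASHES}
    if all(matches.values()):
        verdict = "match"
    elif not any(matches.values()):
        verdict = "no match"
    else:
        verdict = "suspicious"
    return {"matches": matches, "verdict": verdict}


if __name__ == "__main__":
    import sys
    result = compare_to_report(digests_of_file(sys.argv[1]))
    print(result["verdict"], result["matches"])
```

Run it as `python check_sample.py <path>`; anything other than "match" means the report does not describe the file you have.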

Targets

    • Target

      2024-10-25_c195b77f0a549b24a7ea94350254df6c_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (89) files with added filename extension

      This suggests ransomware-style activity: files on the system are being encrypted or replaced and renamed with an extra extension.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory
