General

  • Target

    2024-11-04_ae045001c5ccb96c7d5f38d0702083b0_virlock

  • Size

    188KB

  • Sample

    241104-bq4z9synaw

  • MD5

    ae045001c5ccb96c7d5f38d0702083b0

  • SHA1

    e5ad3e6089126c2b13d73f201f890da26a65547d

  • SHA256

    f314f54a7cfad73499b000e57b8844ec3855d9e402e0577627f490169142c9bd

  • SHA512

    3076fe29f55b5194ab40f2d34afe130103b1f41a1db149196a88af35bddb95396778796bc0fe7c57e290cb3973403584f80cded2d0387b1716366d4d29a6dee5

  • SSDEEP

    3072:iVUzhF0qDm7vDuPsUuAb+ZD5ZbZ1ZAE4DnWzkeoEcUYk4oGaA31AHEVIdWP3TTvY:YKnDQyZj+ZKDnWzkTEcaA3eHdWTT6

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (64) files with added filename extension

      Appending a new extension to many user files within one run is characteristic of ransomware encrypting data on the system; the count (64) is what the sandbox observed during this execution.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory
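The signatures above are names the sandbox gives to observed behaviour; a responder usually wants the same checks runnable over their own telemetry. The block below is an added example, not the sandbox's own detection logic and not code recovered from this sample: it replays the signatures listed above over constructed Sysmon-style events. The registry paths it keys on (HideFileExt, the Run key, Geo\Nation), the event field names, the filenames in the sample data and the rename threshold are all assumptions about what each signature typically checks.

```python
"""
Added example, not part of the sandbox report: a small detector that replays
the behavioural signatures listed above over constructed, Sysmon-style
events. Registry paths, field names and the sample event contents are
assumptions about what each signature typically checks; nothing here was
extracted from the VirLock sample itself.
"""
import re
from collections import defaultdict

# Registry locations the signatures are assumed to key on (well-known paths,
# not values recovered from this sample).
HIDE_FILE_EXT_RE = re.compile(r"\\Explorer\\Advanced\\HideFileExt$", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

# Constructed events (not real telemetry). "reg_set" ~ Sysmon Event ID 13,
# "file_create" ~ Event ID 11, "rename" ~ an EDR file-rename record.
# "reg_query" is a registry READ: Sysmon does not log reads, so the geofence
# lookup is only visible with an API-tracing sandbox or an EDR that hooks
# registry queries.
SAMPLE_EVENTS = [
    {"kind": "reg_set",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",
     "value": "DWORD (0x00000001)"},
    {"kind": "reg_query", "key": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"kind": "reg_set",
     "key": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\WinUpd",
     "value": r"C:\Users\u\AppData\Roaming\WinUpd.exe"},
    {"kind": "file_create", "path": r"C:\Windows\System32\dropped.dll"},
    # An ordinary rename that must NOT count as an appended extension.
    {"kind": "rename", "src": r"C:\Users\u\Documents\report.docx",
     "dst": r"C:\Users\u\Documents\report.pdf"},
] + [
    {"kind": "rename", "src": rf"C:\Users\u\Documents\doc{i}.docx",
     "dst": rf"C:\Users\u\Documents\doc{i}.docx.enc"}
    for i in range(64)
]


def appended_extension(src, dst):
    """Return the extension appended to src to form dst, else None.

    Only the append case is suspicious (doc.docx -> doc.docx.enc); a normal
    rename that swaps the extension (report.docx -> report.pdf) is ignored.
    """
    s, d = src.lower(), dst.lower()
    if d.startswith(s) and len(d) > len(s):
        tail = d[len(s):]
        if tail.startswith(".") and "\\" not in tail:
            return tail
    return None


def dword_is_one(value):
    """Accept Sysmon's 'DWORD (0x00000001)' rendering as well as a bare '1'."""
    return re.fullmatch(r"(?:dword \()?0*x?0*1\)?", str(value).strip().lower()) is not None


def detect(events, rename_threshold=50):
    """Map events onto the report's signature names; returns (name, evidence) pairs."""
    hits = []
    renames = defaultdict(list)  # appended extension -> renamed paths
    for ev in events:
        kind = ev["kind"]
        if kind == "reg_set":
            if HIDE_FILE_EXT_RE.search(ev["key"]) and dword_is_one(ev["value"]):
                # HideFileExt=1 hides extensions, so "invoice.pdf.exe" displays as "invoice.pdf".
                hits.append(("Modifies visibility of file extensions in Explorer", ev["key"]))
            elif RUN_KEY_RE.search(ev["key"]):
                hits.append(("Adds Run key to start application", f"{ev['key']} = {ev['value']}"))
        elif kind == "reg_query" and GEO_NATION_RE.search(ev["key"]):
            hits.append(("Checks computer location settings", ev["key"]))
        elif kind == "file_create" and SYSTEM32_RE.match(ev["path"]):
            hits.append(("Drops file in System32 directory", ev["path"]))
        elif kind == "rename":
            ext = appended_extension(ev["src"], ev["dst"])
            if ext:
                renames[ext].append(ev["dst"])
    for ext, paths in renames.items():
        if len(paths) >= rename_threshold:
            hits.append((f"Renames multiple ({len(paths)}) files with added filename extension", ext))
    return hits


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The rename check deliberately counts only appended extensions grouped by the new suffix, so a user bulk-renaming photos does not trip it, and the threshold is a tunable assumption rather than a number taken from the report. The UAC bypass and "executes dropped EXE / loads dropped DLL" signatures are not modelled here because they need process-tree and parent-child context that a flat event list does not carry.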

MITRE ATT&CK Enterprise v15