General

  • Target

    2024-11-04_3f83ff6ed6c5143c3f5b5d2df211d870_virlock

  • Size

    197KB

  • Sample

    241104-bqm2raslhq

  • MD5

    3f83ff6ed6c5143c3f5b5d2df211d870

  • SHA1

    a4690dd168ddf64cc0d8668f918c16650e9d8856

  • SHA256

    db0f5b878e6eb1fdb208a1b3fa600ae21acf085e6192c77cbeb5afcaf0f671f9

  • SHA512

    48c4ca30e1d5100479974a53c186b70f7c028206430f5b353b112985e625d745a3569d74fc79a98f0775e30c779b989d927332b607aa144b1419e1478686d037

  • SSDEEP

    3072:x8eCcdYyihtjS7oIVTZMbRbdY7+EkYV/912r/zDI4Bun7uhKD5kY6q4:ieSyihxS7oIsbNO91YL7eKxR

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity, encrypting files across the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks