General

  • Target

    2024-11-04_6580b984e232ef58db0e2143bce6137b_virlock

  • Size

    204KB

  • Sample

    241104-bqwnwszdkd

  • MD5

    6580b984e232ef58db0e2143bce6137b

  • SHA1

    bd3469778fa38ab39a4bc81f77c865328339d724

  • SHA256

    16cd5acfac3efa836683a0818f5784ca9a4106c63ce5a45e9bc2a3c30a073784

  • SHA512

    20269c97e1170a3dd51ab97a4825eaabaf4090f411ee45a3c8e6dc8e80703f65f1311cb06619f07342f8caf15c590d5594c17f22fd6b8f9ea1c5fa6aaffb1336

  • SSDEEP

    3072:2YTmda2qk5jP8ejfRN+3QoztE8js6aAydWQ7bua9oFHj:Lka2qsYefgQoztE846LsWPAwHj

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks