General

  • Target

    2024-11-06_70af4609cdb55f8a73263d48b10df40c_virlock

  • Size

    644KB

  • Sample

    241106-dqe29atdpg

  • MD5

    70af4609cdb55f8a73263d48b10df40c

  • SHA1

    8abd73dccbff3b769af350047509b20a9c608090

  • SHA256

    db3741f0facbcdc233d7c1d93635ee172a8df040354844c6261d1b70b1152333

  • SHA512

    4afcfc521007d96c4dab3986b7a97c17c86d77cfcc70fa99bed59b3217758b2de644bce9d83441e646bed9a3d5edce83f199f533d2fa6ac580d92af5a9d856a4

  • SSDEEP

    12288:u4AWS45e8HGbs9cwwfxgkCLK2ndCqkQE0o:uQ5ibmCpgkcS0o

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (51) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before payload execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Adds Run key to start application

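The behaviour signatures listed above are the kind a sandbox raises from process, file-system and registry events. As an added example that is not part of this report, the following Python detector applies four of them (rename burst with an appended extension, HideFileExt change, Run key persistence, country-code lookup) to a constructed Sysmon-style event list. The registry paths, the burst threshold of 10 and the appended ".locked" extension are assumptions made for the example; the report names none of them.

```python
"""Toy detector for the sandbox signatures in the report above.

All events below are constructed for the example. Registry paths,
the rename threshold and the ".locked" extension are assumptions;
the report does not state which paths or extension the sample used.
"""
from collections import Counter, defaultdict

# Registry locations the checks key on (hive prefix stripped, lower-cased).
RUN_KEY = r"software\microsoft\windows\currentversion\run" + "\\"
HIDE_EXT_VALUE = r"software\microsoft\windows\currentversion\explorer\advanced\hidefileext"
GEO_PATHS = (
    r"control panel\international\geo\nation",
    r"control panel\international\localename",
)


def _norm(path):
    """Lower-case a registry path and drop the hive prefix for comparison."""
    p = path.lower()
    for hive in ("hkcu\\", "hklm\\", "hkey_current_user\\", "hkey_local_machine\\"):
        if p.startswith(hive):
            return p[len(hive):]
    return p


def added_extension(old, new):
    """True when new == old + '.<ext>', i.e. an extension was appended, not replaced."""
    if not new.startswith(old):
        return False
    tail = new[len(old):]
    return len(tail) > 1 and tail[0] == "." and not any(c in tail for c in "\\/")


def rename_bursts(events, threshold=10):
    """Per-process count of renames that append an extension; only bursts >= threshold."""
    counts = Counter(
        e["pid"] for e in events
        if e["type"] == "FileRename" and added_extension(e["old"], e["new"])
    )
    return {pid: n for pid, n in counts.items() if n >= threshold}


def hide_file_ext_set(events):
    """Processes that set Explorer's HideFileExt to 1 (hides the appended extension)."""
    return sorted({
        e["pid"] for e in events
        if e["type"] == "RegistryValueSet"
        and _norm(e["path"]) == HIDE_EXT_VALUE and str(e["data"]) == "1"
    })


def run_keys_added(events):
    """(pid, value path, data) for every value written under the Run key."""
    return [
        (e["pid"], e["path"], e["data"]) for e in events
        if e["type"] == "RegistryValueSet" and _norm(e["path"]).startswith(RUN_KEY)
    ]


def geo_lookups(events):
    """Processes that read the configured country/locale (geofence check)."""
    return sorted({
        e["pid"] for e in events
        if e["type"] == "RegistryQuery" and _norm(e["path"]) in GEO_PATHS
    })


def triage(events, threshold=10):
    """Map pid -> list of signature names, worded like the sandbox report."""
    hits = defaultdict(list)
    for pid, n in rename_bursts(events, threshold).items():
        hits[pid].append(f"Renames multiple ({n}) files with added filename extension")
    for pid in hide_file_ext_set(events):
        hits[pid].append("Modifies visibility of file extensions in Explorer")
    for pid, _, _ in run_keys_added(events):
        hits[pid].append("Adds Run key to start application")
    for pid in geo_lookups(events):
        hits[pid].append("Checks computer location settings")
    return dict(hits)


# Constructed event log: pid 4120 plays the sample (51 renames, as in the report),
# pid 880 is a benign editor that renames a temp file without appending an extension.
EVENTS = [
    {"pid": 4120, "type": "FileRename",
     "old": rf"C:\Users\alice\Documents\doc{i}.docx",
     "new": rf"C:\Users\alice\Documents\doc{i}.docx.locked"}
    for i in range(51)
]
EVENTS += [
    {"pid": 4120, "type": "RegistryValueSet",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "data": 1},
    {"pid": 4120, "type": "RegistryValueSet",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"pid": 4120, "type": "RegistryQuery", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 880, "type": "FileRename",
     "old": r"C:\Users\alice\Documents\notes.txt.tmp", "new": r"C:\Users\alice\Documents\notes.txt"},
    {"pid": 880, "type": "RegistryValueSet",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "data": 0},
]

if __name__ == "__main__":
    for pid, names in triage(EVENTS).items():
        print(pid, names)
```

The rename check deliberately requires the new name to be the old name plus a dotted suffix, so an editor replacing `.txt.tmp` with `.txt` does not count; a real deployment would also window the count in time and exclude known backup or archiving tools.
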
MITRE ATT&CK Enterprise v15
