General
-
Target
https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r
-
Sample
241110-dmhc7sxpet
Malware Config
Targets
-
-
Target
https://www.google.com/search?q=cool+pcviruses&sca_esv=ebb47a98c5227d4f&rlz=1C1RXQR_enCA1085CA1085&sxsrf=ADLYWIL1jJ6tEozOXVwK-t4j3efTK2g6Cw%3A1731208009235&ei=SSMwZ72GDsrV5NoP_L_Y8AI&ved=0ahUKEwj9zrCz5NCJAxXKKlkFHfwfFi4Q4dUDCA8&uact=5&oq=cool+pcviruses&gs_lp=Egxnd3Mtd2l6LXNlcnAiDmNvb2wgcGN2aXJ1c2VzMggQABiABBiiBDIIEAAYgAQYogQyCBAAGIAEGKIESOUXUJkUWLUVcAJ4AZABAJgBXqABtgGqAQEyuAEDyAEA-AEBmAICoAK8AcICBxAAGIAEGA3CAgoQABiABBjHAxgNwgIIEAAYBRgNGB7CAggQABgIGA0YHsICChAAGAgYDRgeGA-YAwCIBgGSBwEyoAe5CQ&sclient=gws-wiz-serp#fpr=r
Score10/10-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Infinitylock family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-