General

  • Target

    2024-11-12_58885690419567786800d4c16d55459f_virlock

  • Size

    562KB

  • Sample

    241112-mw9y9a1drg

  • MD5

    58885690419567786800d4c16d55459f

  • SHA1

    919e6adea49abbc9b8fa93d0a684f3fc5f4557db

  • SHA256

    96d580684c5300a77c7a06debd7df2a480f5f934a6e545bb72962e724e6dfa96

  • SHA512

    48cdd166d50f7e697a8f0b093c31eb93523be635b6cae41cf9429520e08fbd4ba01bd830f1ab6ac642c61474ec4a3e88ebaedc396746b6829d2feb627e32e2b3

  • SSDEEP

    12288:nG8Ls30OYDymXrYRa2XlC901Cln+hUN+54A59zlM9soU1me:FLsELDdrYR9lInEYS59+UYe

Malware Config

Targets

    • Target

      2024-11-12_58885690419567786800d4c16d55459f_virlock

    • Size

      562KB

    • MD5

      58885690419567786800d4c16d55459f

    • SHA1

      919e6adea49abbc9b8fa93d0a684f3fc5f4557db

    • SHA256

      96d580684c5300a77c7a06debd7df2a480f5f934a6e545bb72962e724e6dfa96

    • SHA512

      48cdd166d50f7e697a8f0b093c31eb93523be635b6cae41cf9429520e08fbd4ba01bd830f1ab6ac642c61474ec4a3e88ebaedc396746b6829d2feb627e32e2b3

    • SSDEEP

      12288:nG8Ls30OYDymXrYRa2XlC901Cln+hUN+54A59zlM9soU1me:FLsELDdrYR9lInEYS59+UYe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (76) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks