General

  • Target

    2024-11-15_0d93486d5832871f3ab1143f3d0c9f7a_virlock

  • Size

    564KB

  • Sample

    241115-c9m2ja1mcr

  • MD5

    0d93486d5832871f3ab1143f3d0c9f7a

  • SHA1

    96d5466d74662b93893faab5a627004458ec661a

  • SHA256

    c270f27a16389c85b885f2c1bb8424129827aae6e991ff38748f8843ae704230

  • SHA512

    07eceec3330ce324061e5b780ba7b767d32fdfaba4827a12a7246583d78f2c1b5ed2de87027a3f17933abc1607b30bfe43b938ed09b6430659ecda4480e51caf

  • SSDEEP

    12288:veB2WZrTuf8wSyauDZdrcNneQLbbnmDDTgf1GXl/PLFRQoSvDXWrtkoGiPLlD5/8:v/WZrTufmyauDZFcXZ7XWrtFLSqzYLYg

Malware Config

Targets

    • Target

      2024-11-15_0d93486d5832871f3ab1143f3d0c9f7a_virlock

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: the sample renames files in bulk and appends an extension, consistent with encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Drops file in System32 directory

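The "renames multiple files with added filename extension" signature above is a heuristic over file-system rename events. The script below is an added example of that heuristic, not the sandbox's own rule and not code from the sample: it replays a constructed list of rename events, keeps only the renames where the new name is the old full name plus one extra extension (so an extension change such as .tmp to .exe or a plain move does not count), groups them by the appended extension and reports any extension added to at least `threshold` distinct files. The paths, the ".enc" suffix and the threshold of 3 are assumptions for illustration; the page only reports a count of 88 and does not state the sandbox's threshold.

```python
"""Mass-rename heuristic (constructed example, not the sandbox's own signature)."""
from collections import defaultdict

# Constructed rename events as (old_path, new_path); the paths and the ".enc"
# suffix are assumptions for illustration, not observed from the sample.
SAMPLE_EVENTS = [
    (r"C:\Users\alice\Documents\report.docx", r"C:\Users\alice\Documents\report.docx.enc"),
    (r"C:\Users\alice\Documents\budget.xlsx", r"C:\Users\alice\Documents\budget.xlsx.enc"),
    (r"C:\Users\alice\Pictures\holiday.jpg", r"C:\Users\alice\Pictures\holiday.jpg.enc"),
    (r"C:\Users\alice\Desktop\notes.txt", r"C:\Users\alice\Desktop\notes.txt.enc"),
    # benign: extension changed rather than added
    (r"C:\Users\alice\Downloads\setup.tmp", r"C:\Users\alice\Downloads\setup.exe"),
    # benign: file moved, name unchanged
    (r"C:\Users\alice\Downloads\a.pdf", r"C:\Users\alice\Documents\a.pdf"),
    # benign: a single editor-style backup copy
    (r"C:\Users\alice\Desktop\todo.txt", r"C:\Users\alice\Desktop\todo.txt.bak"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to old_path to produce new_path, or None.

    Windows paths are compared case-insensitively. Only a pure append counts:
    'a.txt' -> 'a.txt.enc' matches, 'a.tmp' -> 'a.exe' and a move do not.
    """
    old, new = old_path.lower(), new_path.lower()
    if not new.startswith(old + "."):
        return None
    suffix = new[len(old):]  # e.g. ".enc"
    # The appended part must be exactly one extension, not a deeper path.
    if "\\" in suffix or "/" in suffix or suffix.count(".") != 1:
        return None
    return suffix


def detect_mass_rename(events, threshold=3):
    """Group append-style renames by the appended extension.

    Returns {extension: number_of_distinct_files} for every extension that was
    appended to at least `threshold` distinct files. The threshold is an
    assumption; the sandbox's own cut-off is not stated on the page.
    """
    files_by_ext = defaultdict(set)
    for old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is not None:
            files_by_ext[ext].add(old_path.lower())
    return {ext: len(files) for ext, files in files_by_ext.items() if len(files) >= threshold}


if __name__ == "__main__":
    for ext, count in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"{count} files renamed with added extension {ext}")
```

On a real host the events would come from Sysmon file-create or a rename-tracing source rather than a hard-coded list; the grouping by appended extension is what separates bulk encryption from a single backup or an installer renaming one file.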
MITRE ATT&CK Enterprise v15
