General

  • Target

    2025-01-15_2172a1a9abb1dde7ae209b4e036b99a8_virlock

  • Size

    652KB

  • Sample

    250115-taxv5axlcz

  • MD5

    2172a1a9abb1dde7ae209b4e036b99a8

  • SHA1

    3f3a6aa32365f3f8999ac1742345d44a800fb290

  • SHA256

    a5c93a4e020f25e56fd1ee531fb7b13f1d65c20029601ddbeca0e138e97fd13c

  • SHA512

    43cd85ca1f266d597d69f5fbf0168733624cb81852bbe0ecfdfbee095ee6a08687d4b360d68b0e96ccc647b91bae3656431af6f2957b7c927cc24a879386e736

  • SSDEEP

    12288:vIm6FyWxQ3ZYkeMGgn25PmLWwTLxxj73hhbZu4S2zjaoSQ+aeaUjSrJC88oVFuTJ:vIBFy04NeMGh5PmL9LnhSmz+baRFA6

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory
