General

  • Target

    2025-01-15_70d6fb009874d51cff5eac5c7726ee90_virlock

  • Size

    536KB

  • Sample

    250115-tgr88axmgt

  • MD5

    70d6fb009874d51cff5eac5c7726ee90

  • SHA1

    3dffdee819faa2424d8e1e7c7baf2198a1665716

  • SHA256

    04f57ccff4ccc995b773a1002f0192780dba8357c70484a0efe24942f3b99ae1

  • SHA512

    92878bce291051179c04080d187298c0bb735c837611ddd3e6964566b014864700f11adad80a80a6b1fdea0d5c3e7700776b9fa4493096d483b08b3ecae25a69

  • SSDEEP

    12288:Ff7u6sh5VX8VCHjHDLpmBcnFMoVkOq+4z6+0CdYI4GvtZ8f0INjaK:lYh55DnLpmBcFMoVyzz6+0CdWGvtZ8fb

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (75) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
