General

  • Target

    2025-01-15_41ac2ad1544a08a63e4b7c3b4d379999_virlock

  • Size

    653KB

  • Sample

    250115-vkeb7synes

  • MD5

    41ac2ad1544a08a63e4b7c3b4d379999

  • SHA1

    1cf17ad86a3eae00f5e54eb9042d0464252d19c3

  • SHA256

    6c58c711c8aeef4b2210a8363143d1682538a44387117044ff60dda628246ab4

  • SHA512

    2fe37994bb9b53385d9e870842c0f0b835479b597469b48ba1af95bdeb30050855a133db17cccfd9ef4e4642b5329d5522afbd9833a674bfbaa36a832ee50fc3

  • SSDEEP

    12288:HSOCPqHTCJAIIAri7mQJvFi67hu/4Jq5qOMme5VH0S9InsATQK8ZDQSbIHku8ik+:HtxzyZizgehuDe5VvQ/

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (83) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
