General

  • Target

    2025-01-19_4fceae18798d6e9d9726d9ebc8e98665_virlock

  • Size

    160KB

  • Sample

    250119-q1mw3azrer

  • MD5

    4fceae18798d6e9d9726d9ebc8e98665

  • SHA1

    226b36156fa3d520a39a7c4a96849cfabce019b8

  • SHA256

    10dec2e5ef89769cdb0d38848f97d27ae129ccb4527e84aae78afc78298a6463

  • SHA512

    c8b57b12e74de9f86a208dd5c8a1493d0124fbd7f65de90fed38c3ce26478c0570bd7f1d3ae73592b43b17fd5b2e0160dc089a1ac536d95e14ea68ebbe500bc4

  • SSDEEP

    3072:mOAYiSnPdfhSwQ9LIJq2BW4O2UGgP3xeMCIpVDblhXPCUJhk:mOrPnFZfQ9LPeWZ2uuuDJxPCUJhk

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (61) files with added filename extension

      This suggests ransomware activity: the sample appears to be encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application