General

  • Target

    2025-01-19_357d7fcf001ea7c5ea16fd896cf7d813_virlock

  • Size

    134KB

  • Sample

    250119-qz3k5azrdn

  • MD5

    357d7fcf001ea7c5ea16fd896cf7d813

  • SHA1

    20e8f579064cb4439d68826f6ebb27b8f05daef9

  • SHA256

    0f1ca034293fa81c53597d13a236b28cea6a8f8e3e2aa2b602e479f92e80c779

  • SHA512

    91eb7c6b54edb5823b18b0f3d61809c15702e52f47af4b7f7a538fe91f9fe42bbd78f4defe4009e0693c3764e4f405c60cf948347130d4fe169ef2c877f4128d

  • SSDEEP

    3072:tVlve8rHRN7ao3zLu5Lm7w+9ooqh/I+a/8JvG0Zer6hNsF0+VlA:tVheKH+o3zLu5LZ+TiwJEJvG0Zer6hiM

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (57) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks