Severity
High
Analysis Summary
Virlock is a file-infecting ransomware that was first observed in 2014 and reappeared in 2016 and 2017. Each reappearance brought new capabilities, showing that the threat actors behind it continue to develop and update the malware. In 2016 it gained the ability to spread through shared applications and cloud storage. During the initial stage of an attack, the ransomware drops three instances of itself, each using its own obfuscation and persistence techniques. By varying the functionality implemented by each instance, Virlock ensures that all three can evade signature-based detection. Like other ransomware, Virlock demands a Bitcoin payment from the victim in exchange for decrypting their files.
Impact
- File Encryption
Indicators of Compromise
MD5
- 9b29e9b4aef5e43a7489e5ea5d8cdf66
SHA-256
- 601ed5acf86d1a65457d3c28f98532117917424bc243ed905876b2c5d90dc0ed
SHA-1
- cddc3fee905d9ef95e2c031157407c5261aa6825
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
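The second remediation step, searching the environment for the listed hashes, can be scripted. The following is an added example, not code from Rewterz or the original alert: it walks a directory tree, computes MD5, SHA-1 and SHA-256 in a single pass per file, and reports any file whose digest matches one of the indicators published above. The `build_sample_tree()` helper only creates a constructed scratch directory (an empty file plus a small text file) so the scanner can be exercised offline; the directory path and file names it uses are assumptions for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hashes taken from the "Indicators of Compromise" section above, lower-cased.
VIRLOCK_IOCS = {
    "md5": {"9b29e9b4aef5e43a7489e5ea5d8cdf66"},
    "sha1": {"cddc3fee905d9ef95e2c031157407c5261aa6825"},
    "sha256": {"601ed5acf86d1a65457d3c28f98532117917424bc243ed905876b2c5d90dc0ed"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for one file, read once in chunks."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, iocs=VIRLOCK_IOCS):
    """Walk `root` and return (path, algorithm, digest) for every file whose hash is in `iocs`.

    Symlinks are skipped so the scan cannot be steered outside `root`, and
    unreadable files are ignored rather than aborting the whole scan.
    """
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in digests.items():
                if digest in iocs.get(algo, set()):
                    matches.append((str(path), algo, digest))
    return matches


def build_sample_tree():
    """Constructed scratch directory for offline testing (assumption: not real malware).

    Contains an empty file, whose digests are well known, and a small text file
    that should never match the alert's indicators. Returns the directory path.
    """
    root = tempfile.mkdtemp(prefix="ioc_scan_demo_")
    Path(root, "empty.bin").write_bytes(b"")
    Path(root, "notes.txt").write_text("constructed sample, not an indicator\n")
    return root


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    hits = scan_tree(target)
    for path, algo, digest in hits:
        print(f"MATCH {algo} {digest} {path}")
    print(f"{len(hits)} indicator match(es) under {target}")
```

Run it as `python scan.py /path/to/check`; without an argument it scans the constructed sample directory and should report no matches. Because Virlock is a file infector that embeds itself in host files, the published hashes identify only the specific samples analysed; an infected document on a victim machine will carry a different hash, so a clean result from a hash sweep does not rule out infection and should be paired with the other controls in the remediation list.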