Overview

overview

10

Static

static

3

Winlock.exe

windows7-x64

10

Winlock.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Winlock.exe

  • Size

    3.0MB

  • Sample

    230918-2sh4pada9t

  • MD5

    18563c62462e92e3c81dfe737e3a8997

  • SHA1

    46b7af31847f18e886a33779dc53199776d0b666

  • SHA256

    3e84a1296556efb107c12d4b936b0e1a1a7a5a70d6ecd3ed7ecff79e4b39bd54

  • SHA512

    4d835fd33da52baad823017c4af56152e3e9930e885de9587ca6661233cd238ccb326c984bbe3d5c850d317b18bffccf179e0578e0936b2df6dfd656afbd4319

  • SSDEEP

    49152:88ntDZAcCVT1ZgESZlkBg9HCx6CtcX4EwgGW7XoUPIwEi2xQwqM:vZAcCKMECuX4EwN0RIzxQc

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      Winlock.exe

    • Size

      3.0MB

    • MD5

      18563c62462e92e3c81dfe737e3a8997

    • SHA1

      46b7af31847f18e886a33779dc53199776d0b666

    • SHA256

      3e84a1296556efb107c12d4b936b0e1a1a7a5a70d6ecd3ed7ecff79e4b39bd54

    • SHA512

      4d835fd33da52baad823017c4af56152e3e9930e885de9587ca6661233cd238ccb326c984bbe3d5c850d317b18bffccf179e0578e0936b2df6dfd656afbd4319

    • SSDEEP

      49152:88ntDZAcCVT1ZgESZlkBg9HCx6CtcX4EwgGW7XoUPIwEi2xQwqM:vZAcCKMECuX4EwN0RIzxQc

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks