Overview

overview

10

Static

static

3

WinLock.exe

windows7-x64

10

WinLock.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    WinLock.exe

  • Size

    509KB

  • Sample

    231011-2wj56acd26

  • MD5

    781497f394bbd940eea440f8959335d4

  • SHA1

    721b894cf4961c4d251fe8cb73d7c185760af0e4

  • SHA256

    a35c8c43048c667950a8d85b6f1c39fc85ac8d193f8c5c6db853b1aa3ccb2224

  • SHA512

    525e2c79d2aa1cb0812283fc0042cea62e2314e9b43fa3b59fd5cb8eec4ad8835aeb1e375b77943f6067db2b1fbea006d5ddaac69cac3d99a1c1e8576a0bd9db

  • SSDEEP

    12288:DtxZtxim7xbyl+s6Fp29dhtZKJuIzaRjkCZsPBkMr4sfO:fX8W6+VFw93tZKJHk9sPBlr+

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      WinLock.exe

    • Size

      509KB

    • MD5

      781497f394bbd940eea440f8959335d4

    • SHA1

      721b894cf4961c4d251fe8cb73d7c185760af0e4

    • SHA256

      a35c8c43048c667950a8d85b6f1c39fc85ac8d193f8c5c6db853b1aa3ccb2224

    • SHA512

      525e2c79d2aa1cb0812283fc0042cea62e2314e9b43fa3b59fd5cb8eec4ad8835aeb1e375b77943f6067db2b1fbea006d5ddaac69cac3d99a1c1e8576a0bd9db

    • SSDEEP

      12288:DtxZtxim7xbyl+s6Fp29dhtZKJuIzaRjkCZsPBkMr4sfO:fX8W6+VFw93tZKJHk9sPBlr+

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks