General
Target: 2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock
Size: 213KB
Sample: 240304-rrdsgacd2v
MD5: 0bec02b0ded562e0780736a02796f9e9
SHA1: ed9156cae9db89fdf8c4deab78ebc83b5fb635c8
SHA256: 480663176f58322ca83227d6cf71b913782d7a6de39a950233c1c7289894d5b8
SHA512: 8e05daa25e32a136de60a8d183b4d248028da37253c3ae2740dc0b99257f00937fa576e7b2a4dee26011304fd0ad31426d601c2a4157908083c5245eaf562b2e
SSDEEP: 6144:FCI7EYgIbWZz/4LVsF8vLEka3zz0qAaWaF:FmybWZsL6F8jK3z4qArK
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 2024-03-04_0bec02b0ded562e0780736a02796f9e9_virlock
Score: 10/10
Modifies visibility of file extensions in Explorer
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)