General
Target: 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock
Size: 111KB
Sample: 240403-mnnfaacf56
MD5: fcae4b3ff43c32e4e3c7b8e3f97cab86
SHA1: 23a2ccb9e19103ee725f0e9648fc26f6e264fb44
SHA256: c73a86117863dd382b1bf3b47cc95d79b111fadff9665e82193d265b5437a6d7
SHA512: b03c4755b079d783c690c29c0200b9dbc9b971f193c26adc6f5faa307c72251fbfef430bf103ed76db04d44e14c1a834b1fe59c575d7775edde6bbc04420fa56
SSDEEP: 1536:G816PIW+BIpLV1r1K06qmiFMt6wCjZx8RYE0MaVhH0pkL38gcMsylrEnf7cuKaKM:GSd61rl77ZjZCYE4VMk73rEf75KDM
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 2024-04-03_fcae4b3ff43c32e4e3c7b8e3f97cab86_virlock (size and hashes as listed under General)
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (78) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)