General
-
Target
2024-04-03_2337e5389081db45dd5a3758843120b9_virlock
-
Size
155KB
-
Sample
240403-njs1msda27
-
MD5
2337e5389081db45dd5a3758843120b9
-
SHA1
99c46170b63af74b13af173c24f59d287c445608
-
SHA256
72e28253024c7646b511a5ed0c0e675dbd21983dc000a25cd073e41c76f07c71
-
SHA512
37e2d669ef2e0aeb0288dadd7c5222bb60a65c7c05b0e2bac15976b9e97980aedc2b7916dd7012809e098d37ce6eee85ca49c2cf74ed7377d8e0422c494d3fda
-
SSDEEP
3072:6ds4MGhZ1uP8r/p/vOGdzL5Qjjs+FMn5qybA2evlzWcTxV2edrE4bePw:WMGv1vGQL6jjjK5MJ9DNdw4q4
Behavioral task
behavioral1
Sample
2024-04-03_2337e5389081db45dd5a3758843120b9_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_2337e5389081db45dd5a3758843120b9_virlock.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-04-03_2337e5389081db45dd5a3758843120b9_virlock
-
Modifies visibility of file extensions in Explorer
-
Renames multiple (83) files with added filename extension
This pattern is characteristic of ransomware encrypting files across the system.
-
UPX dump on OEP (original entry point): the UPX-packed sample was unpacked in memory and its image dumped at the OEP
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
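The signatures above (bulk renames with an appended extension, the Run key, the Explorer extension-visibility change, the location lookup, self-deletion) can be re-derived from a sandbox's raw event stream. The following is an added example and not part of the sandbox report or its engine: it runs a few heuristics over a constructed list of file and registry events. The event schema, the registry paths used as matches, and the rename threshold are all assumptions chosen for illustration.

```python
"""Re-derive several behavioural signatures from sandbox events.

Added example, not code from the sandbox report. The event dicts and the
sample events below are constructed for illustration only.
"""
import ntpath
from collections import Counter

# Registry locations used as heuristics. The report names the behaviours but
# not the keys; these paths are assumptions about where such changes land.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
EXPLORER_ADVANCED_KEY = r"software\microsoft\windows\currentversion\explorer\advanced"
GEO_KEY = r"control panel\international\geo"
RENAME_THRESHOLD = 5  # assumed; the report's own threshold is not stated


def appended_extension(old, new):
    """True when `new` is `old` in the same directory with one extra
    extension appended (budget.xlsx -> budget.xlsx.exe)."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return False
    prefix = old_name.lower() + "."
    return new_name.lower().startswith(prefix) and len(new_name) > len(prefix)


def analyse(events):
    """Return a dict of signature name -> supporting evidence."""
    findings = {}

    renamed = [e for e in events
               if e["op"] == "rename" and appended_extension(e["src"], e["dst"])]
    if len(renamed) >= RENAME_THRESHOLD:
        exts = Counter(ntpath.splitext(e["dst"])[1].lower() for e in renamed)
        findings["renames_with_added_extension"] = (len(renamed), dict(exts))

    for e in events:
        if e["op"] != "regset":
            continue
        key = e["key"].lower()
        if RUN_KEY in key:
            findings.setdefault("run_key", []).append((e["value"], e["data"]))
        if EXPLORER_ADVANCED_KEY in key and e["value"].lower() == "hidefileext":
            findings["hides_file_extensions"] = e["data"]

    if any(e["op"] == "regread" and GEO_KEY in e["key"].lower() for e in events):
        findings["checks_location"] = True

    # Self-deletion: the process removes its own image file.
    if any(e["op"] == "delete" and e["path"].lower() == e["process"].lower()
           for e in events):
        findings["deletes_itself"] = True

    return findings


# Constructed sample events (not taken from the report).
_DOCS = ["budget.xlsx", "notes.docx", "photo.jpg", "slides.pptx", "readme.txt", "scan.pdf"]
SAMPLE_EVENTS = [
    {"op": "rename",
     "src": rf"C:\Users\Admin\Documents\{n}",
     "dst": rf"C:\Users\Admin\Documents\{n}.exe"} for n in _DOCS
] + [
    # An ordinary rename that must not count as an appended extension.
    {"op": "rename", "src": r"C:\Users\Admin\Documents\draft.docx",
     "dst": r"C:\Users\Admin\Documents\final.docx"},
    {"op": "regset", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "AbCdEf", "data": r"C:\Users\Admin\AppData\Roaming\AbCdEf.exe"},
    {"op": "regset",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "HideFileExt", "data": 1},
    {"op": "regread", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "delete", "process": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "path": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
]

if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The rename heuristic deliberately requires the destination to be the source name plus a further dotted extension in the same directory, so ordinary renames and moves do not inflate the count; the Explorer check only fires on the HideFileExt value, since other writes under that key are routine.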
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)