General
-
Target
2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
-
Size
200KB
-
Sample
240403-x5j5asac9s
-
MD5
16110daf1409fd74e4630f0cc4e5869d
-
SHA1
33f2c6cfb4a81cbd57eb16b5fb667ab5c39d8742
-
SHA256
53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
-
SHA512
1559cb64a2b1aa6c01d3eea100cff003c8dda26fb40084e5aff647997aea552c6362fc119182b59281e910645c6ab5c02858f9ebbdd640ed08c51dbf6cfb1a7a
-
SSDEEP
6144:mVdolfd85vyPXtFt3ohCjkuSNvizItA1YA:Gdol18kFFt3ohCjkLIzgA
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-04-03_16110daf1409fd74e4630f0cc4e5869d_virlock
-
Size
200KB
-
MD5
16110daf1409fd74e4630f0cc4e5869d
-
SHA1
33f2c6cfb4a81cbd57eb16b5fb667ab5c39d8742
-
SHA256
53ca275d20d4b651cc11e14027d8a64f756fe08c8c4c5a6b6bda607c579b4a43
-
SHA512
1559cb64a2b1aa6c01d3eea100cff003c8dda26fb40084e5aff647997aea552c6362fc119182b59281e910645c6ab5c02858f9ebbdd640ed08c51dbf6cfb1a7a
-
SSDEEP
6144:mVdolfd85vyPXtFt3ohCjkuSNvizItA1YA:Gdol18kFFt3ohCjkLIzgA
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (82) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1