General
-
Target
2024-04-03_52ef9814c95d98b0656761b76eea14ab_virlock
-
Size
257KB
-
Sample
240403-ya1n8sae9t
-
MD5
52ef9814c95d98b0656761b76eea14ab
-
SHA1
1e7fa2c018361b90ac4fe47f400dd6d7fb6238db
-
SHA256
3688755062e4d2c2b5f8fdd279a5bbe7bdeb7b7dba9ca21e25185906d76804a5
-
SHA512
e225983bb494954476f447791b6bdf17778810537ee6a8c18709c2ff5781ee19fb69fd81ed84cacc92524609e90856d5652ce01351cb6dab9d65b85c235b72a6
-
SSDEEP
3072:d/h20xW9747yNy24gMkzxXNGnnCwJDHGCSfCkCLA329eTAtV6cQV3+z+JPsLveyh:9A0k1Vwn9t9pLA329eTOr83+vj3dv
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-03_52ef9814c95d98b0656761b76eea14ab_virlock.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2024-04-03_52ef9814c95d98b0656761b76eea14ab_virlock.exe
Resource
win10v2004-20240319-en
Malware Config
Targets
-
-
Target
2024-04-03_52ef9814c95d98b0656761b76eea14ab_virlock
-
Size
257KB
-
MD5
52ef9814c95d98b0656761b76eea14ab
-
SHA1
1e7fa2c018361b90ac4fe47f400dd6d7fb6238db
-
SHA256
3688755062e4d2c2b5f8fdd279a5bbe7bdeb7b7dba9ca21e25185906d76804a5
-
SHA512
e225983bb494954476f447791b6bdf17778810537ee6a8c18709c2ff5781ee19fb69fd81ed84cacc92524609e90856d5652ce01351cb6dab9d65b85c235b72a6
-
SSDEEP
3072:d/h20xW9747yNy24gMkzxXNGnnCwJDHGCSfCkCLA329eTAtV6cQV3+z+JPsLveyh:9A0k1Vwn9t9pLA329eTOr83+vj3dv
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1