General
Target: 2024-04-03_62d94572fce9449bd38be7a0ee14ce65_virlock
Size: 203KB
Sample: 240403-ybyahaba42
MD5: 62d94572fce9449bd38be7a0ee14ce65
SHA1: 026c27643b88dc0e28716e14dc2927f1c8af838f
SHA256: 2f0333b641a119dfdcb5f0a3986598cdd2dffbdae64a00ec8fcd93992e84dc31
SHA512: 185c6b87ca395a1d6e56b8c5634d6496e9f85e6092cb5d2d71a75c50d05364d9ed6c5a9ee212dc0605fd709ae05c0e15c7380a655e29d1dc867be02591c87709
SSDEEP: 6144:MEhzA7G+VBDD1igoBl2KgBEp4gkJSALmznXTjG9hs:1A7G+VBDD1i/gykUPnG9h
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-03_62d94572fce9449bd38be7a0ee14ce65_virlock.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-04-03_62d94572fce9449bd38be7a0ee14ce65_virlock.exe
  Resource: win10v2004-20240319-en
Malware Config
Targets
Score: 10/10
Signatures:
- Modifies visibility of file extensions in Explorer
- Renames multiple (65) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)