General
-
Target
2024-04-07_fa2bbce90abceb41594a25481006d5d1_virlock
-
Size
568KB
-
Sample
240407-zgyznaea3v
-
MD5
fa2bbce90abceb41594a25481006d5d1
-
SHA1
b47ffb64e038b8d51f89a97322edc1570fc2819f
-
SHA256
aeaf8e23222de81db26d2f326c5a636ae9d9ca8b8ee7f709513003c0277f78e5
-
SHA512
1a8f677d28c3323c5be9df06bea8ead875a5adfdc6f4a4f8d02954578e3e37d008bebe0ab33c04cb25092115f7be71230f0d225a84521de20d80b93af63b0dcc
-
SSDEEP
12288:gunp/UhSkOaYiQotCxFngnizMMq4edFEKiE16jQJA/:RntIYiQoCJgnc7WEKiE16jQJ+
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-07_fa2bbce90abceb41594a25481006d5d1_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-07_fa2bbce90abceb41594a25481006d5d1_virlock.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
2024-04-07_fa2bbce90abceb41594a25481006d5d1_virlock
-
Size
568KB
-
MD5
fa2bbce90abceb41594a25481006d5d1
-
SHA1
b47ffb64e038b8d51f89a97322edc1570fc2819f
-
SHA256
aeaf8e23222de81db26d2f326c5a636ae9d9ca8b8ee7f709513003c0277f78e5
-
SHA512
1a8f677d28c3323c5be9df06bea8ead875a5adfdc6f4a4f8d02954578e3e37d008bebe0ab33c04cb25092115f7be71230f0d225a84521de20d80b93af63b0dcc
-
SSDEEP
12288:gunp/UhSkOaYiQotCxFngnizMMq4edFEKiE16jQJA/:RntIYiQoCJgnc7WEKiE16jQJ+
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (87) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1