General
-
Target
2024-04-25_26f16e7e09ce4f1c6ba337c2d108d986_virlock
-
Size
242KB
-
Sample
240425-zlrq5see7v
-
MD5
26f16e7e09ce4f1c6ba337c2d108d986
-
SHA1
471e58b99ad5c8911a23e4f266ce4fd6d06e8678
-
SHA256
cc80beb3dd128d2e9f4dbccf75b2308054ac60ecb78efb172ad9cfee9a532f2a
-
SHA512
b950cec6262db190b327407f08a7b83f388dade9a0829ff7b69c20d3ed80711683684b7693c515c07e04250ec859aa3c291b3166e8b23dd31ea5c4c7be1febe9
-
SSDEEP
6144:TCWf6JNNj85WjWGqEOADxcyd4dRHyiUfVlK2:V6jNvWQHyydO9yiUNr
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-25_26f16e7e09ce4f1c6ba337c2d108d986_virlock.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-04-25_26f16e7e09ce4f1c6ba337c2d108d986_virlock.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
2024-04-25_26f16e7e09ce4f1c6ba337c2d108d986_virlock
-
Size
242KB
-
MD5
26f16e7e09ce4f1c6ba337c2d108d986
-
SHA1
471e58b99ad5c8911a23e4f266ce4fd6d06e8678
-
SHA256
cc80beb3dd128d2e9f4dbccf75b2308054ac60ecb78efb172ad9cfee9a532f2a
-
SHA512
b950cec6262db190b327407f08a7b83f388dade9a0829ff7b69c20d3ed80711683684b7693c515c07e04250ec859aa3c291b3166e8b23dd31ea5c4c7be1febe9
-
SSDEEP
6144:TCWf6JNNj85WjWGqEOADxcyd4dRHyiUfVlK2:V6jNvWQHyydO9yiUNr
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (55) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1