General

Target: 2024-04-26_a42894e46caca215cb21bb6d60178927_virlock
Size: 160KB
Sample: 240426-kdj9rscg3x
MD5: a42894e46caca215cb21bb6d60178927
SHA1: 3b45ae62635635220401edd576e89f2fb67bba83
SHA256: 5653ab4d9b7022cff021c0ce35a7fdc77065df80bd5d8d39489681cbb733f9d8
SHA512: ab29471920c995c716e9382e2f34353a00ae42014d5ac1c9fed9bcaa4c665dfac96987a27a1c247f6e546a085e0b322022325399f1cc16a8874e3943f66e08f4
SSDEEP: 3072:83v3hPKcsnpF+fUadjvvXDIPFDrVFAfTU2zCoaeY385K2WjTScMv:8/3hjGGKZxFAfTpf2y5/cS
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 2024-04-26_a42894e46caca215cb21bb6d60178927_virlock.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 2024-04-26_a42894e46caca215cb21bb6d60178927_virlock.exe
  Resource: win10v2004-20240412-en
Malware Config: none extracted

Targets

Target: 2024-04-26_a42894e46caca215cb21bb6d60178927_virlock
Size: 160KB
Score: 10/10

Signatures
- Modifies visibility of file extensions in Explorer
- Renames multiple (130) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)