General
-
Target
2024-04-28_3414b9dab576b04b3d434d024814b37b_virlock
-
Size
193KB
-
Sample
240428-pnx1tsgb8v
-
MD5
3414b9dab576b04b3d434d024814b37b
-
SHA1
58af35de5df404d5fb254fc6bb12b593ce1a53c8
-
SHA256
fe624bc3ace0ff8a497e2b811b49d7e4cde3c5ca267b71843725d741d9747824
-
SHA512
4f62139ad922da2e23cd313b0d7bdc25b201d72b1d036a2c1f95c9cb0c5767d5c18f5ad48b2668fe7470fd40c63f26ca6bf3fa268581206f7ae3b1ac5a131a57
-
SSDEEP
3072:0sNHrBhbzwGj9vTj9+M9G3S7V4hL8H6X8OUs0DHAa1ApZbNa+Z:0sNLnbzwG9j/9zV4lGOgga1ApZ5B
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-28_3414b9dab576b04b3d434d024814b37b_virlock.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2024-04-28_3414b9dab576b04b3d434d024814b37b_virlock.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
2024-04-28_3414b9dab576b04b3d434d024814b37b_virlock
-
Size
193KB
-
MD5
3414b9dab576b04b3d434d024814b37b
-
SHA1
58af35de5df404d5fb254fc6bb12b593ce1a53c8
-
SHA256
fe624bc3ace0ff8a497e2b811b49d7e4cde3c5ca267b71843725d741d9747824
-
SHA512
4f62139ad922da2e23cd313b0d7bdc25b201d72b1d036a2c1f95c9cb0c5767d5c18f5ad48b2668fe7470fd40c63f26ca6bf3fa268581206f7ae3b1ac5a131a57
-
SSDEEP
3072:0sNHrBhbzwGj9vTj9+M9G3S7V4hL8H6X8OUs0DHAa1ApZbNa+Z:0sNLnbzwG9j/9zV4lGOgga1ApZ5B
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (59) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1