Overview

overview

10

Static

static

3

Winlocker.exe

windows10-2004-x64

Resubmissions

14-10-2024 08:05

241014-jyw9dssclc 10

29-04-2024 17:22

240429-vx1qzage2x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Winlocker.exe

  • Size

    18KB

  • Sample

    240429-vx1qzage2x

  • MD5

    f17aa8c813d60fc139510070c83228b1

  • SHA1

    0ecf72d2d6d3be23300aa16ceea78d551ca98ebf

  • SHA256

    6c8db88f41c43a13c2dbf6ee8317b0fc6702590c3aac12bdadf7142c524958ac

  • SHA512

    764693c9beace369424297ee65a15535b6bf26465d849d34bf010061e44b8ef9e0fe82fe88dc52bb2b48a6e197f4da5d51c46a768fee992606d794324677adb9

  • SSDEEP

    384:NlFftUnn8BYQ3Lq+IyOLVSf9xKo6kYcV6O7UiJFnh:TFfSPTyOLb8YcV6O4izh

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      Winlocker.exe

    • Size

      18KB

    • MD5

      f17aa8c813d60fc139510070c83228b1

    • SHA1

      0ecf72d2d6d3be23300aa16ceea78d551ca98ebf

    • SHA256

      6c8db88f41c43a13c2dbf6ee8317b0fc6702590c3aac12bdadf7142c524958ac

    • SHA512

      764693c9beace369424297ee65a15535b6bf26465d849d34bf010061e44b8ef9e0fe82fe88dc52bb2b48a6e197f4da5d51c46a768fee992606d794324677adb9

    • SSDEEP

      384:NlFftUnn8BYQ3Lq+IyOLVSf9xKo6kYcV6O7UiJFnh:TFfSPTyOLb8YcV6O4izh

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables Task Manager via registry modification

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks