General
Target: 2024052224cc58ba86644aec1ee293d3045b430bvirlock
Size: 256KB
Sample: 240522-wdak4sag9x
MD5: 24cc58ba86644aec1ee293d3045b430b
SHA1: 0a55b01fbec5628d63ff71bb63f61b8303ebff09
SHA256: 9fe7c4cc7821b12dd6a5910820da79e4482bb2a7735bc5a0c8f72a56cd7cc9d2
SHA512: d8ffa4c58ea7802ae5454a3469ad8447e433d5d3e02696d13bb2fc4161c6aaf4b614f5483d6ccc1062652f9b334c2d230c9f353ff0e4b0c5dc9fee8598015dfe
SSDEEP: 3072:r3CuU3QAu8Y4KO0yyki/hacHMpBiE3WUxihyuLZypoY5kJXpSrtMhmj:rmAAALXZwiZUxzOZypoY5CXpSrChW
Static task: static1
Behavioral task: behavioral1
  Sample: 2024052224cc58ba86644aec1ee293d3045b430bvirlock.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2024052224cc58ba86644aec1ee293d3045b430bvirlock.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 2024052224cc58ba86644aec1ee293d3045b430bvirlock
Score: 10/10
- Modifies visibility of file extensions in Explorer
- Renames multiple (89) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism: 1
  - Bypass User Account Control: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1