General

Target: 202405226f4e87430992ff5e84b5b94c7d1a1f1dvirlock
Size: 756KB
Sample: 240522-xzsjgsdc9w
MD5: 6f4e87430992ff5e84b5b94c7d1a1f1d
SHA1: 93960fcca153fe58d9ea8ad3af6e069e0d154612
SHA256: 8a8c61f09dcb72155669a0100a03313c67be8b43d5f8bb4a4ac1a8fb751e7ff3
SHA512: 3308fa4705156e75766103c4f9e90b138bca0b0b172c7c0930dc232967957c3c5eca1dafaf0754fbad4d2de6407bfb45349cf8f583b8bb323a889510122d7e03
SSDEEP: 12288:K/gkCRn7y3WnrETtZsNzxOpNg/vljXPHuER1jXkNf4hsZjrpsLq+nkCSpjFrvztY:KXC+WrETKzcEtbtR1jXkNf4hsZxsLq+H

Static task: static1

Behavioral task: behavioral1
Sample: 202405226f4e87430992ff5e84b5b94c7d1a1f1dvirlock.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 202405226f4e87430992ff5e84b5b94c7d1a1f1dvirlock.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Score: 10/10

- Modifies visibility of file extensions in Explorer
- Renames multiple (58) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)