General
-
Target
2024-05-27_08bf07617f638ca63e87c9202ba5c263_virlock
-
Size
205KB
-
Sample
240527-hgxcdsbd4t
-
MD5
08bf07617f638ca63e87c9202ba5c263
-
SHA1
04746095bdc5921c67e4e2467e9bd7edc3d6d730
-
SHA256
e5f461064357626ad3a8803cd9432520535324cc6da86adffb78893b9d1153da
-
SHA512
dd05babf5c142fde37b9067cc8bfd226d4317dc115799ee631982669a3b2481a5aaf20903c32d3a5d22bf3962e448d32a19463ee85c2ec8b11bc997d0bd730c2
-
SSDEEP
3072:OqqTE1waj7egh3kk58mMhRI9HU3MEMzbHg9ZCd9Yx562B91q5T/:Oq4Yj7e8FMjuU8zbHg9ua762B90T/
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-27_08bf07617f638ca63e87c9202ba5c263_virlock.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-05-27_08bf07617f638ca63e87c9202ba5c263_virlock.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-05-27_08bf07617f638ca63e87c9202ba5c263_virlock
-
Size
205KB
-
MD5
08bf07617f638ca63e87c9202ba5c263
-
SHA1
04746095bdc5921c67e4e2467e9bd7edc3d6d730
-
SHA256
e5f461064357626ad3a8803cd9432520535324cc6da86adffb78893b9d1153da
-
SHA512
dd05babf5c142fde37b9067cc8bfd226d4317dc115799ee631982669a3b2481a5aaf20903c32d3a5d22bf3962e448d32a19463ee85c2ec8b11bc997d0bd730c2
-
SSDEEP
3072:OqqTE1waj7egh3kk58mMhRI9HU3MEMzbHg9ZCd9Yx562B91q5T/:Oq4Yj7e8FMjuU8zbHg9ua762B90T/
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (61) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1