General
-
Target
2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock
-
Size
132KB
-
Sample
240608-mvfzsabh25
-
MD5
07afcc83de3db7fd8a2f8603ee9d0088
-
SHA1
1de88d53b1c003a50d8701b33a62facabb733c1e
-
SHA256
3e2047e4db44f6d834dae004f5cbd7dd337195c6d5ce3473dd065244c1b77181
-
SHA512
d23fcbd4dc7d33304ceaaaef86c371696b55fb68841fbf75c42b7e3d52a7333fd1eba21aad7a4589065ba39c0ad8a2434053d99a76a3c3c6414a08190980bb87
-
SSDEEP
3072:GFYOZ9YqKvaZ5FPZmLBllZSBZtYycCiV+I:tOk0FRmLLloZy59V+
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
2024-06-08_07afcc83de3db7fd8a2f8603ee9d0088_virlock
-
Size
132KB
-
MD5
07afcc83de3db7fd8a2f8603ee9d0088
-
SHA1
1de88d53b1c003a50d8701b33a62facabb733c1e
-
SHA256
3e2047e4db44f6d834dae004f5cbd7dd337195c6d5ce3473dd065244c1b77181
-
SHA512
d23fcbd4dc7d33304ceaaaef86c371696b55fb68841fbf75c42b7e3d52a7333fd1eba21aad7a4589065ba39c0ad8a2434053d99a76a3c3c6414a08190980bb87
-
SSDEEP
3072:GFYOZ9YqKvaZ5FPZmLBllZSBZtYycCiV+I:tOk0FRmLLloZy59V+
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (53) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1