General
-
Target
2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock
-
Size
154KB
-
Sample
240608-nzyaascc54
-
MD5
cd532e65e7fdbd2e63fb518a517df663
-
SHA1
289499a10d3ba63dfe696488e27e0714965f7226
-
SHA256
a45601417ce50418400fd88b1a3f8282271c4e9e3f4c1948362296333b1f5fdb
-
SHA512
237a64ab6581032132c86f4702179c29b94c9c6486116f657fe4760d536fc47ab5427f7de0648057ea97ad2a72112d8c73a9f8bde8057f9b32c28a0c47f2f559
-
SSDEEP
3072:ZgexCrI7E6KAuqnHRMmh4tSPdOW7lydClfeDoxXb6TzA0zPZYgJo8z6L2gej:6exB7EpAct4cW7lydN8x+3Nbz/
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
2024-06-08_cd532e65e7fdbd2e63fb518a517df663_virlock
-
Size
154KB
-
MD5
cd532e65e7fdbd2e63fb518a517df663
-
SHA1
289499a10d3ba63dfe696488e27e0714965f7226
-
SHA256
a45601417ce50418400fd88b1a3f8282271c4e9e3f4c1948362296333b1f5fdb
-
SHA512
237a64ab6581032132c86f4702179c29b94c9c6486116f657fe4760d536fc47ab5427f7de0648057ea97ad2a72112d8c73a9f8bde8057f9b32c28a0c47f2f559
-
SSDEEP
3072:ZgexCrI7E6KAuqnHRMmh4tSPdOW7lydClfeDoxXb6TzA0zPZYgJo8z6L2gej:6exB7EpAct4cW7lydN8x+3Nbz/
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (58) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1