General
-
Target
2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock
-
Size
117KB
-
Sample
240612-nng4yashlb
-
MD5
1ec01bb7da942cc1d3962fd0a62d3ef0
-
SHA1
0360a9c353c52d25d1c074bcd4871fa565d319fd
-
SHA256
b4e1dfb37cdbecc2eb7e0dfb3fed86ae61df2f7b49d959c7436a113f45ffdb0f
-
SHA512
907563ffaed2ea9ac821725ba5706bebd7758be4a4080876732653d422c0a899139f40891dd8a5eb1fb4534bed114976bdcdec434740e04085f07b2732717e0e
-
SSDEEP
3072:i3gpmUE0e0ruOMOpgpEf+I84mXzWLJiT6n1idva3Ceka3vuggggggggg:YgcUkOMOpgg+vOiTsyvde
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
2024-06-12_1ec01bb7da942cc1d3962fd0a62d3ef0_virlock
-
Size
117KB
-
MD5
1ec01bb7da942cc1d3962fd0a62d3ef0
-
SHA1
0360a9c353c52d25d1c074bcd4871fa565d319fd
-
SHA256
b4e1dfb37cdbecc2eb7e0dfb3fed86ae61df2f7b49d959c7436a113f45ffdb0f
-
SHA512
907563ffaed2ea9ac821725ba5706bebd7758be4a4080876732653d422c0a899139f40891dd8a5eb1fb4534bed114976bdcdec434740e04085f07b2732717e0e
-
SSDEEP
3072:i3gpmUE0e0ruOMOpgpEf+I84mXzWLJiT6n1idva3Ceka3vuggggggggg:YgcUkOMOpgg+vOiTsyvde
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1