General
-
Target
2024-06-12_950f149950dedc87a7a8ce5845c83628_virlock
-
Size
119KB
-
Sample
240612-sgl7jatblp
-
MD5
950f149950dedc87a7a8ce5845c83628
-
SHA1
b2294daf22f52d89b5e2b9cae9e8e64f260d9a6a
-
SHA256
7e2a7cf52462d5c27c68fcbf38c5bfacfa358d1f26b2f1d8d904bdaad2fcd61a
-
SHA512
f4a035bffd0d4faa96bdf414f115be08311d61f9d05625a8292309d1ad24004e187cda75fbc9dc358d817359df2f11b3d36d5de23ef56ba067e7ec5984981dc8
-
SSDEEP
3072:EAtlP0D+Ln5ldeXUTj/RR0VADPDRG0DJuzN:EGsD+LnwUTdmODFGoQp
Static task
static1
Behavioral task
behavioral1
Sample
2024-06-12_950f149950dedc87a7a8ce5845c83628_virlock.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-12_950f149950dedc87a7a8ce5845c83628_virlock.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
2024-06-12_950f149950dedc87a7a8ce5845c83628_virlock
-
Size
119KB
-
MD5
950f149950dedc87a7a8ce5845c83628
-
SHA1
b2294daf22f52d89b5e2b9cae9e8e64f260d9a6a
-
SHA256
7e2a7cf52462d5c27c68fcbf38c5bfacfa358d1f26b2f1d8d904bdaad2fcd61a
-
SHA512
f4a035bffd0d4faa96bdf414f115be08311d61f9d05625a8292309d1ad24004e187cda75fbc9dc358d817359df2f11b3d36d5de23ef56ba067e7ec5984981dc8
-
SSDEEP
3072:EAtlP0D+Ln5ldeXUTj/RR0VADPDRG0DJuzN:EGsD+LnwUTdmODFGoQp
Score10/10-
Modifies visibility of file extensions in Explorer
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1