General
- Target: 2024-10-19_07540665a1eb01b36d37811081e86979_virlock
- Size: 242KB
- Sample: 241019-1ka8fasflm
- MD5: 07540665a1eb01b36d37811081e86979
- SHA1: f9a53c87c7fd1134b79240c6ffd8fa10c20cce94
- SHA256: 42fb691ff2822651fc1de2eb10c176320d2a97c76d824e600ba4c5df4d415a2a
- SHA512: 81c5713ee59fe5c28b13d76267a861d975877d84a86719ddbdb8ecb254a1d537c8dcd9114e896fcde9f2012dd31750e03f8010563073bc5b75ec7fb728b53934
- SSDEEP: 6144:K/4bt1qFQhe/l2ISLrFFt2U43wD63ak6stI:Tbt1q6he/l2ISLrFFErp4l
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 2024-10-19_07540665a1eb01b36d37811081e86979_virlock
- Size: 242KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Modifies visibility of file extensions in Explorer
- Renames multiple (60) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)