MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5fb54f80f02f9b6e928652f1375082eb1584b4516f3f3112d65a3479e80e555. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VirLock


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5fb54f80f02f9b6e928652f1375082eb1584b4516f3f3112d65a3479e80e555
SHA3-384 hash: bcf0d338cd939e44cf766a95dd3b4b10d8c6d5605dab43b6bbaea5fe4c5a921b0c98e3e8060f220e1de71f2ac21f4cea
SHA1 hash: 3373b35b97d499195f448d91e2a9d8fabbeaf3b4
MD5 hash: 7f4e8ef0c2f396e8b743e7d633dbc2b3
humanhash: saturn-snake-timing-alanine
File name:7f4e8ef0_by_Libranalysis
Download: download sample
Signature VirLock
Create hunting rule
File size:763'904 bytes
First seen:2021-05-05 09:02:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c4587542596e6ffc857b3a8e86d830e (1 x VirLock)
ssdeep 12288:NX7q2AHTObEIgD1OGhs0xEgQjNS5VtVsK70lA/urFA6JrbrQ07QlEfXgQX4sTm:82AzcEIs1Od0ZQjCtVsKD5qr3wlEYdsS
Threatray 95 similar samples on MalwareBazaar
TLSH B6F4CFADB96C5331DE5C233B72567AECE9B22473240E0D19BBA80BD4078D2BB16D35D1
Reporter Libranalysis


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/150099/
Detection(s):
Win.Virus.Virlock-6332874-0
Create hunting rule

Win.Virus.Virlock-6804475-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a process from a recently created file
Creating a service
DNS request
Launching a service
Sending an HTTP GET request
Searching for the window
Sending a UDP request
Creating a file in the Windows subdirectories
Creating a file in the %temp% directory
Running batch commands
Deleting a recently created file
Launching a process
Creating a process with a hidden window
Creating a window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun for a service
Changing the Windows explorer settings to hide files extension
Blocking the User Account Control
Enabling autorun
Brute forcing passwords of local accounts
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d5fb54f80f02f9b6e928652f1375082eb1584b4516f3f3112d65a3479e80e555/
Threat name:
Win32.Ransomware.VirLock
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 00:46:21 UTC
AV detection:
47 of 48 (97.92%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0a9e2160871be8409cb531b94c71e5411d8f5dcfcfc40c37b65a56923ec71daf
VirLock
30a028001a68cdf37581ab6f3ce9a246ace357589a0f01105f432c09746e317d
VirLock
41e20476662e14ce7e2df3f3755fcbe3cc7c31b7f8a08654eb56333b32272098
VirLock
671fb988c777ad27531f39dd4fb5f4c4483fb7b07e8e493cd72ee8a6572db576
VirLock
89164a030c95d2445557ae7a793a7ab7d849b628fbafb0f483100c580a043a93
VirLock
baeb7f87041595c27abc2df4fd3cbdea1e21144bcd7d9e2bbc3b6251e4af0370
VirLock
c09e2aa12f24fe3f28ea4ece099700c8015daf728b00dc45d94412c81bd5fe03
VirLock
d662eebe16b90f597adeb4a215b05fc65db54078ad55e1d2bd013fda84a64b96
VirLock
f5cb4b0567d7d1dd4b6a26aa9e73651108bdc01e76320bd68b56e65551b38457
VirLock
fa126a21c23cf57eb2ebbc8cd9df0a39707dd64a090f0f299416fca5a7fc63fb
VirLock
+ 85 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence ransomware spyware stealer trojan
Link:
https://tria.ge/reports/210505-x5evhv2s1x/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
Drops file in System32 directory
Adds Run key to start application
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Modifies extensions of user files
Modifies WinLogon for persistence
Modifies visibility of file extensions in Explorer
UAC bypass
Unpacked files
SH256 hash:
f77f2b411402be7c86f55540fac3d34b32cad1c0531d31a6ecba879c5339f0eb
MD5 hash:
b6d816a9f21774609335a8d43b578b08
SHA1 hash:
2ab3c974de3796484e20df08c77a6a41764793c0
Link:
https://www.unpac.me/results/f0eec3dd-114d-41e6-9f44-909971ed224f/
SH256 hash:
4bad48e0000644c8e575af0d163660066c9ee2a5eb857f4997daa139289b398a
MD5 hash:
6ddce8ad24ffc7200f9d0799d2a0b657
SHA1 hash:
21a22b86ef24c5fbd79082cdf1f589b3d009e982
Link:
https://www.unpac.me/results/f0eec3dd-114d-41e6-9f44-909971ed224f/
SH256 hash:
580cd6b7330c9f868c68381b7a3e82e51a9d9cc923137dd370f8b83b2aca0a0b
MD5 hash:
38b5918e650bb761f5c3995f98a4d85e
SHA1 hash:
10bf086060217887d3ab07fc7713e5ebe3a97160
Link:
https://www.unpac.me/results/f0eec3dd-114d-41e6-9f44-909971ed224f/
SH256 hash:
d5fb54f80f02f9b6e928652f1375082eb1584b4516f3f3112d65a3479e80e555
MD5 hash:
7f4e8ef0c2f396e8b743e7d633dbc2b3
SHA1 hash:
3373b35b97d499195f448d91e2a9d8fabbeaf3b4
Link:
https://www.unpac.me/results/f0eec3dd-114d-41e6-9f44-909971ed224f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/150099/

Comments