

Rewterz Threat Alert – Nanocore Rat – Active IOCs
July 13, 2022
Rewterz Threat Alert – Dridex Banking Trojan – Active IOCs
July 13, 2022
Severity
High
Analysis Summary
Virlock is a file-infecting ransomware that was first found in 2014 and reappeared in 2016 and 2017. It showed new abilities with each reappearance, indicating that the threat actors are continually developing and updating the malware. In 2016 it showed unique capabilities that allowed it to spread through shared apps and cloud storage. During the initial stage of its attack, this ransomware drops three instances of itself, each with its own obfuscation and persistence techniques. By altering the functionality implemented by each instance, Virlock ensures that all three instances can evade a signature-based detection system. Like other ransomware, Virlock demands payment in Bitcoin from the victim in order to decrypt their machines.
Impact
- File Encryption
Indicators of Compromise
MD5
- ec7b340c4ed0a3b6da5c14a9a0a94c24
SHA-256
- de3c5c28d78dc861164ba952eab4013cdd03fb0d2de3ebaac574eea4fcc150ba
SHA-1
- c2a0f95949addb160485fb0ced0a052b14ec4d05
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.