General

  • Target

    2025-05-02_621e1ec8dc24d55baf76786a734da648_elex_virlock

  • Size

    313KB

  • Sample

    250502-nam32asrv8

  • MD5

    621e1ec8dc24d55baf76786a734da648

  • SHA1

    d7574a1546844d07206f965be31e3c07cc4a69bd

  • SHA256

    4d8d1c96ebf194d984a3d260a814e3ba29d446fc2dc9445cad79811cb904a03f

  • SHA512

    b19e6f4a392a85cae5490dcbbf35aae690b7819e6004060dd2593a7b0bb76c00192d6c7b1ef408fdfb046c4a57dda1dfec98aa43b59ba169dc5693b75a0cbf92

  • SSDEEP

    6144:oZ1PqdcdNeYa9PiToCfB0DYW7fGw0k7CHdTY/3HQjXqxQkdiUDotbH:oZJJdNeYa9QQqw0k7qU/3yqb5C

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (85) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks