General

  • Target

    2025-05-02_a8968f7ec86b512dee8399339a21f6a2_elex_virlock

  • Size

    206KB

  • Sample

    250502-nxxwrabq9x

  • MD5

    a8968f7ec86b512dee8399339a21f6a2

  • SHA1

    086e24db3b38487875f3b078a67494c8cbf474b4

  • SHA256

    aa4d3447a646818e840fa6e990b74dbb56fc0a4c9b3d9a7bb365c9b44ea4b039

  • SHA512

    08774770eefb047abead79dd8b708011d18d558d61283f617901e95b54e077b64570dc30e6ccc7c840eba9c5bf6a2e2c4d45dd9adc1be8dd3af8e9a6ad07e3ca

  • SSDEEP

    3072:zClwgTWKPDZjQ9+CT0UfP+6LStZbtTpaBSNhhpjKksoPert:ewgTWKPDZWT0p6sZWB6hLGksoPC

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (90) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks