General

  • Target

    2025-05-03_04867ae55074cf0e9204f9365cf426a1_elex_virlock

  • Size

    809KB

  • Sample

    250503-qr9dpswkz7

  • MD5

    04867ae55074cf0e9204f9365cf426a1

  • SHA1

    5c6d48427f1d774ebde194683a55d872bcb207d9

  • SHA256

    1acdab0ba8f5da8262d15dd702dcc08e8e15f617f893ebe0bb0b767664567298

  • SHA512

    52826443d07bbb010c18178d85989fcad5dc327d8cb4d423c4c06a0303d5cf245ae2c1b6d929c46e8280fb565e8bf823172f2b44be1f193e43083ad5fa979083

  • SSDEEP

    12288:dKjOyfbZE9/AJhwsmThLHm1V4OHF2p0FfTwOFkYCzLmP2u1pAdv:dKyyF4AxmVLHm152aFLwzA2

Malware Config

Targets

    • Target

      2025-05-03_04867ae55074cf0e9204f9365cf426a1_elex_virlock

    • Size

      809KB

    • MD5

      04867ae55074cf0e9204f9365cf426a1

    • SHA1

      5c6d48427f1d774ebde194683a55d872bcb207d9

    • SHA256

      1acdab0ba8f5da8262d15dd702dcc08e8e15f617f893ebe0bb0b767664567298

    • SHA512

      52826443d07bbb010c18178d85989fcad5dc327d8cb4d423c4c06a0303d5cf245ae2c1b6d929c46e8280fb565e8bf823172f2b44be1f193e43083ad5fa979083

    • SSDEEP

      12288:dKjOyfbZE9/AJhwsmThLHm1V4OHF2p0FfTwOFkYCzLmP2u1pAdv:dKyyF4AxmVLHm152aFLwzA2

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (87) files with added filename extension

      Mass renaming of files with an appended extension is characteristic of ransomware encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by victim locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
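The behaviours above are sandbox signature matches; the report does not show the telemetry or the rules behind them. The following Python script is an added example, not part of the original report and not the sandbox's own rule set. It derives the same kinds of findings (hidden file extensions, geofence lookup, Run-key persistence, Uninstall-key enumeration, mass renames with an appended extension, writes under System32) from a flat list of registry and file events. The event list is constructed for the example, not telemetry from this sample; the registry paths (HideFileExt under Explorer\Advanced, Geo\Nation, CurrentVersion\Run, CurrentVersion\Uninstall) and the rename threshold are assumptions about what such signatures typically match, since the page does not name the exact keys or counts.

```python
"""Rule-style triage over sandbox events, modelled on the findings in this report.

Added example: the events below are constructed, the registry paths and the
rename threshold are assumptions, and nothing here is the sandbox's own code.
"""
import ntpath
import re
from collections import Counter

RENAME_THRESHOLD = 10  # assumption: the sandbox's real threshold is not stated on the page
_EXT_RE = re.compile(r"\.[A-Za-z0-9_]{1,16}$")


def _constructed_renames(n=12, ext=".enc"):
    """Constructed rename events: n documents each gain one appended extension."""
    base = r"C:\Users\victim\Documents"
    return [("file_rename", f"{base}\\report{i}.docx", f"{base}\\report{i}.docx{ext}")
            for i in range(n)]


# Constructed events as (event_type, path, value); not real telemetry from this sample.
SAMPLE_EVENTS = [
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", "1"),
    ("reg_read", r"HKCU\Control Panel\International\Geo\Nation", None),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     r"C:\Users\victim\AppData\Roaming\update.exe"),
    ("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", None),
    ("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox", None),
    ("file_write", r"C:\Windows\System32\svchostx.exe", None),
    # An ordinary rename: the name changes but no extension is appended, so it must not count.
    ("file_rename", r"C:\Users\victim\Desktop\notes.txt", r"C:\Users\victim\Desktop\notes_old.txt"),
] + _constructed_renames()


def added_extension(src, dst):
    """Return the appended extension when dst is exactly src plus '.<ext>' in the same directory, else None."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower() or not dst_name.startswith(src_name):
        return None
    suffix = dst_name[len(src_name):]
    return suffix if _EXT_RE.fullmatch(suffix) else None


def triage(events, rename_threshold=RENAME_THRESHOLD):
    """Map raw events to finding strings in the style of the report's behaviour list."""
    findings = []
    renames = Counter()        # appended extension -> number of files
    uninstall_keys = set()
    system32_drops = []
    for kind, path, value in events:
        p = path.lower()
        if kind == "reg_set" and p.endswith("\\explorer\\advanced\\hidefileext") and value == "1":
            findings.append("Modifies visibility of file extensions in Explorer")
        elif kind == "reg_read" and p.endswith("\\control panel\\international\\geo\\nation"):
            findings.append("Checks computer location settings")
        elif kind == "reg_set" and "\\currentversion\\run\\" in p:
            findings.append(f"Adds Run key to start application: {value}")
        elif kind == "reg_read" and "\\currentversion\\uninstall\\" in p:
            uninstall_keys.add(path)
        elif kind == "file_rename":
            ext = added_extension(path, value)
            if ext:
                renames[ext] += 1
        elif kind == "file_write" and p.startswith("c:\\windows\\system32\\"):
            system32_drops.append(path)
    total = sum(renames.values())
    if total >= rename_threshold:
        exts = ", ".join(sorted(renames))
        findings.append(f"Renames multiple ({total}) files with added filename extension ({exts})")
    if uninstall_keys:
        findings.append(f"Checks installed software on the system ({len(uninstall_keys)} Uninstall entries)")
    if system32_drops:
        findings.append("Drops file in System32 directory")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print("-", finding)
```

The rename rule counts only renames that keep the original name and directory and append one extension, so ordinary renames such as notes.txt to notes_old.txt do not inflate the count; the threshold keeps a handful of legitimate backups (file.bak) from triggering the ransomware finding on their own.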

MITRE ATT&CK Enterprise v16

Tasks