General

  • Target

    2025-05-15_597876344a8093f657f1bcc5d578c9b3_elex_virlock

  • Size

    207KB

  • Sample

    250515-d6tkksyrv9

  • MD5

    597876344a8093f657f1bcc5d578c9b3

  • SHA1

    140c1b8194060f64b13d71a42d79ed7f8bfb0287

  • SHA256

    2af9b8849db6e79262a1ea540a47e959606ea37345c094de6602c80ad8bb7a0b

  • SHA512

    1f38be00fe26e2bb2d6039a7a0228b8dc374801d2cc457d785f41d6007ab77c29a99eb88aff1062ff8b674a1d00384447dbcbbd33b294b3837f571e81e0c94d0

  • SSDEEP

    6144:XX9JwsTgnysqz829S6zhlj5sx36mJas9R96aXBdGSbGmLTZsGAVrGiGqGlG6GjGq:XX9JwYgnpS8gS6zhlj5sx36Dsg3x4PYx

Targets

    • Target

      2025-05-15_597876344a8093f657f1bcc5d578c9b3_elex_virlock

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
