General

  • Target

    2025-05-15_a4fc0a62272348829dc5cca96cb6052e_elex_virlock

  • Size

    773KB

  • Sample

    250515-ebptkszjw7

  • MD5

    a4fc0a62272348829dc5cca96cb6052e

  • SHA1

    15a61a4dde842a0a209667ed015afce1b1dc4f64

  • SHA256

    7214620d852c5b9a7f0d1f7874b6ec8e18921286ecd425aad41b52034f143c8b

  • SHA512

    b1c8c6e4b4c48214d8d0f3a17989525027a015771fd5ce17e38671167b097588215a2d4c902f6b2dbec4c86f08a0a6b33f4786edf9d25e1e8b29778cc2205d5d

  • SSDEEP

    6144:O1iUw2NqcxdtsvlbJ+oke9e0YkXqmitj+LlMJ:YiUJNqcxdqvlbJzkeFY5mLlMJ

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks