General

  • Target

    2025-05-15_e79192fe82e2ffbec09b221a900111f4_elex_virlock

  • Size

    196KB

  • Sample

    250516-a23e5sbq7z

  • MD5

    e79192fe82e2ffbec09b221a900111f4

  • SHA1

    411e34006b18739cd8e5da36752cb128f120e75e

  • SHA256

    0d3474e32c85d2b77bbfbdabe4864d018ac37134ab1105b93cf574b13e0ce79d

  • SHA512

    56864093af5b12d1f65fee42338c8cf396b0676b210509bd7fa1ea6d7d927c684e7ccda94a252513351da999e31428ab633541497c1597d3c8d4b13ca4875379

  • SSDEEP

    3072:SUq51We4buY980oWXU9GHa8YXW0Fc7kShqZZy8C2xIhEDrw:k1XPq8jpI7Y07Twt7

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (95) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks