General

  • Target

    2025-05-16_50bc82c8a4636acf5c8be0db5f5637c7_elex_wormlocker

  • Size

    315KB

  • Sample

    250516-bm5gmavm19

  • MD5

    50bc82c8a4636acf5c8be0db5f5637c7

  • SHA1

    7f275487361fed11c44dc8d5b7a32862dd4ea2ac

  • SHA256

    ae0d040f2a267fc8854229491e3f1719a19632b8f71c3a082ac843dff7cdb475

  • SHA512

    f85bf43f57c4099a126293f4b8163aeb70f7c92e596fe92d75161d5eaf1533cbc2960db7996e85154e79d60d11a29909e1330c58aebd929930a00d448a00ce98

  • SSDEEP

    6144:bNsSwIF7ULENQ21NV0zUiqqL2b0jH6iCOpq:bCZIVZ+L/Mt

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (65) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16
