General
-
Target
2025-05-16_50bc82c8a4636acf5c8be0db5f5637c7_elex_wormlocker
-
Size
315KB
-
Sample
250516-bptg5svnt7
-
MD5
50bc82c8a4636acf5c8be0db5f5637c7
-
SHA1
7f275487361fed11c44dc8d5b7a32862dd4ea2ac
-
SHA256
ae0d040f2a267fc8854229491e3f1719a19632b8f71c3a082ac843dff7cdb475
-
SHA512
f85bf43f57c4099a126293f4b8163aeb70f7c92e596fe92d75161d5eaf1533cbc2960db7996e85154e79d60d11a29909e1330c58aebd929930a00d448a00ce98
-
SSDEEP
6144:bNsSwIF7ULENQ21NV0zUiqqL2b0jH6iCOpq:bCZIVZ+L/Mt
Static task
static1
Behavioral task
behavioral1
Sample
2025-05-16_50bc82c8a4636acf5c8be0db5f5637c7_elex_wormlocker.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-05-16_50bc82c8a4636acf5c8be0db5f5637c7_elex_wormlocker.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
2025-05-16_50bc82c8a4636acf5c8be0db5f5637c7_elex_wormlocker
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (63) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Modifies file permissions
-
Drops file in System32 directory
-