General

  • Target

    2025-05-19_db85235cef0bce8ca94df2eec1a80419_elex_virlock

  • Size

    2.5MB

  • Sample

    250519-m8fk6sfj61

  • MD5

    db85235cef0bce8ca94df2eec1a80419

  • SHA1

    42558e4f9e3be67f6be5772e6a61114af870fea3

  • SHA256

    5735bd96ae67cf917bfe18a804ed25b38e464d6c4a26f7fa1164d581be7f4972

  • SHA512

    18afaa3d08d79b54d34a01840f31f75241fd01f2cb870cea59720dc9f08d2ad3549d0896fe63a4b2deabd78d2ae3b7e09cfc0c8fcdf4c541714acc38fd285b20

  • SSDEEP

    49152:R4uhVddimxj1JjgDb1gQlmdINaHbidD4zWZMXg:VhVqmxj1Jjgn9lmdMgq8zbg

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (75) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks