General

  • Target

    2025-05-19_f3d61f29c7b5f6cc16aa8e0879579775_elex_virlock

  • Size

    202KB

  • Sample

    250519-nccp3sfk4y

  • MD5

    f3d61f29c7b5f6cc16aa8e0879579775

  • SHA1

    4261e3f55659e9bd2edbf4b14cb399e1409646b6

  • SHA256

    3c0d9ac742083511f02d817f6d07307cf46b0ead6075764672332431b96a08e4

  • SHA512

    859527eec7ff43d65eda9199268898859a7d22ef17cd2114c363eb6672410a2de37e911a88bbb2075edaf8a6d64408be1bdfa638a89be5bbed466d23136cf87d

  • SSDEEP

    6144:Jc/0q4CsyxER/QSRb2C2J8N5eylJY9vS9zw:JATFaR/zb7N5949q

Malware Config

Targets

    • Target

      2025-05-19_f3d61f29c7b5f6cc16aa8e0879579775_elex_virlock

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (98) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks