General

  • Target

    2025-05-19_1c7d40110574a8de38dd7436a05d9a6d_elex_virlock

  • Size

    2.4MB

  • Sample

    250519-p6m9cagl61

  • MD5

    1c7d40110574a8de38dd7436a05d9a6d

  • SHA1

    424a3e1d87497adeb9f82dac0a9fcbd4c7ce3772

  • SHA256

    818ce646e5b49891cb18b99d193f0a511591747f257a26a2844adb041fa2cb78

  • SHA512

    2b5a78966b5da6a2aad6bb23d07e065716b8a42e1d98ae4736746d014cf9a52c9ad10bd4cb6489c6758002373323a318694b9e531015a608b245ba06ab7d868b

  • SSDEEP

    49152:XDn7D0lsZbrIg78fgd1EdiKCVstoGO+/s0p:Tv8jfgdAiKCut8Up

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (77) files with added filename extension

      This is consistent with ransomware activity: encrypting files across the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks