General

  • Target

    2025-05-29_55c56a97f196e69dda6d1e76faad933e_elex_virlock

  • Size

    643KB

  • Sample

    250529-3gvh1szwdv

  • MD5

    55c56a97f196e69dda6d1e76faad933e

  • SHA1

    f3d76db0ba51852bc4a0a4ba9056e7b70c30488e

  • SHA256

    f07dccafc3ce30c37ce01efc74d7abb932ffff1fd70452325260267cb51d11e4

  • SHA512

    75774352bb8f0d6346d627b3df1aed622e7fbb21c54d3004e6a70fb5986954f667da8f3cffb54ccc80e5b547850901d2c797abc2d30d363e9cccc177f05175bb

  • SSDEEP

    12288:GRW97Y96i3ysUHvna+lMsV2sOIu9RdN2VBahvlrpJRQ1dDdaJ1oNpN:GSsUH5lMAY9RdMBsPo

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (85) files with added filename extension

      This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
