General

  • Target

    2025-05-29_f15c70de6d25ec55e5836323f989ec40_elex_virlock

  • Size

    633KB

  • Sample

    250529-3rtdpscq5v

  • MD5

    f15c70de6d25ec55e5836323f989ec40

  • SHA1

    89cdc044b3f3ef866d756d5fed791367a835637f

  • SHA256

    f47c49f127c3f7d9efe323aff94c120c58e2e6a94385fd2d652993152e995bba

  • SHA512

    a21418ff192be1673830a85b49557c28e5990f055203f306df51cd5ecf56dbff06192f464ade18707e1801a387ed8f3dd3e6d40715acc8a5fdf7230e5bca7167

  • SSDEEP

    12288:ST4W10BeKxwXFhsozBW3QtedpnI+27zDfPIX42X+t:xBiVh5WgsnI+273Ao2X8

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (87) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16