General

  • Target

    2025-05-29_617e01dda012c919db36629b81302154_elex_virlock

  • Size

    222KB

  • Sample

    250529-kzkseszvet

  • MD5

    617e01dda012c919db36629b81302154

  • SHA1

    074cac8671eb8f205dbb24409069ac3dd9ff6590

  • SHA256

    26a1d1fc9a0a63a7a149352316d99abc7690072ae0c7d8829199434b1b7fa571

  • SHA512

    5706318eee4ca881a081632fd1d0c69096e5546e3469d71bb2b647e9c12a4981c607b715ab4691b50d1bb1b0bafb62b5d2e463c94e6eabf55324bb932688506e

  • SSDEEP

    3072:h/cUvJpA30LWka1SBYm2jsx/nWk89YgiRQ4Z7lJ/VEPGqIADKK1FRbQCByUsUsgy:h/cMpqjg/nrfEu9wRvvsUsKgS

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (83) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
