General

  • Target

    2025-05-30_39ce97d1b570ef7b0aee69c1c005f9f3_elex_virlock

  • Size

    309KB

  • Sample

    250530-at5kjacj8y

  • MD5

    39ce97d1b570ef7b0aee69c1c005f9f3

  • SHA1

    b5806054232ef2d0043f4ddb145137872c1cbfe4

  • SHA256

    f9980f2caf8a6f38d5434fb3286f6354fa9bd9ca9d013b85b02a2bef56b6ed2c

  • SHA512

    e6fe74856e09ef5b75b6b38db3fda2c984d52d3c85089ac775823ad826c29b3f073634a247370d505996ea370409ea25f0ec79086692e4d953e9662fe6a55e59

  • SSDEEP

    6144:3rSGjorU4CddYEBFYW70+TtxpeJJoRjAUe:3mlNCWEBFn0+1swAX

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (92) files with added filename extension

      This suggests ransomware activity: the files on the system are being encrypted and renamed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks