General

  • Target

    2025-05-30_38e8cf39e70c73e6bb9892a4fd95523d_elex_virlock

  • Size

    226KB

  • Sample

    250530-bt91pa1my9

  • MD5

    38e8cf39e70c73e6bb9892a4fd95523d

  • SHA1

    0616b8d9964e530bfb1e63770f3a8dba15a061d9

  • SHA256

    0fb1064b360654de969f5f099330c6e506a5fa9d96ea9cd74753ca6a4aea951f

  • SHA512

    047fe9f812fb673834cfac470786a1f80d0f9690b9b5bd000f086b25564a649fb8603afc9af496b6ce17a30f948547dc5c56286821b0513bc99f0a1dd6d70481

  • SSDEEP

    3072:6QuePYCh8eNt8dLTIbFODD5dfayQqbVLg3tM0D3soPItolXwK9MXV/M8uK3mIVXZ:BwChYL4FOn5dfYqbVPE3galStsimli

Malware Config

Targets

    • Target

      2025-05-30_38e8cf39e70c73e6bb9892a4fd95523d_elex_virlock

    • Size

      226KB

    • MD5

      38e8cf39e70c73e6bb9892a4fd95523d

    • SHA1

      0616b8d9964e530bfb1e63770f3a8dba15a061d9

    • SHA256

      0fb1064b360654de969f5f099330c6e506a5fa9d96ea9cd74753ca6a4aea951f

    • SHA512

      047fe9f812fb673834cfac470786a1f80d0f9690b9b5bd000f086b25564a649fb8603afc9af496b6ce17a30f948547dc5c56286821b0513bc99f0a1dd6d70481

    • SSDEEP

      3072:6QuePYCh8eNt8dLTIbFODD5dfayQqbVLg3tM0D3soPItolXwK9MXV/M8uK3mIVXZ:BwChYL4FOn5dfYqbVPE3galStsimli

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (89) files with added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each renamed file.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (selecting victims by locale).

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks