General

  • Target

    2025-05-30_3e5e5c74b7db0f451247014a6c1e551a_elex_virlock

  • Size

    574KB

  • Sample

    250530-bvj6na1mz4

  • MD5

    3e5e5c74b7db0f451247014a6c1e551a

  • SHA1

    05d9554bbbcf51a9553b9d69ed12559886a19379

  • SHA256

    2ce4b34adfc985da71c91c437ed0eeb4c0459a71b3195440ac6361e88b49972c

  • SHA512

    74346a5f0de4532ea7c392565d65c6a891dd9427fbf41624fd9357b27cd7fcf4a46a5f1e2078aeff74251171db3f64ef669f306bc88116dafb6c5dd30bd28869

  • SSDEEP

    3072:feYuO+b/sgM6jDwcauNseXk1uIiIArDPso1TtJ6C/v:felcclNuQHs4H6CX

Targets

    • Modifies visibility of file extensions in Explorer

      Changes the Explorer setting that controls whether file extensions are shown (HideFileExt). With extensions hidden, a file that has gained an extra .exe suffix still appears under its original name, so the user is more likely to open it.

    • Renames multiple (86) files with added filename extension

      Mass renaming with an appended extension is consistent with ransomware encrypting files across the system. Together with the extension hiding above it also matches the VirLock family named in the sample tag: a polymorphic file infector that embeds each original file inside a copy of itself and writes the result back as an executable.

    • Checks computer location settings

      Reads the country code configured in the registry (under HKCU\Control Panel\International). This is a common geofencing check used to decide whether to run, or how to behave, based on the victim's configured region.

    • Executes dropped EXE

      Writes a new executable to disk and then launches it, so the dropped binary should be collected and analysed alongside the original sample.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and history. For a file infector that walks the user profile, access to browser profile directories can also be a side effect of the infection pass rather than targeted theft, so this hit alone should not be read as stealer capability.

    • Adds Run key to start application

      Writes an entry under a CurrentVersion\Run key so the executable is relaunched at every logon (persistence).
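As an added example (not part of the sandbox report, the sandbox's own rule set, or the sample), the following Python reproduces the behavioural signatures listed above as a small signature pass over constructed event records. Every event in EVENTS, the field names, the exact registry paths used for matching and the rename threshold are my own constructions modelled on the signature names; real input would come from Sysmon or the sandbox's API trace. It goes one step beyond the report by showing how the rename signature distinguishes an appended extension (budget.xlsx -> budget.xlsx.exe) from an ordinary rename.

```python
import re
from collections import Counter

# Constructed sandbox-style events (NOT telemetry from the real sample). Each
# dict has a "kind" plus kind-specific fields, loosely modelled on Sysmon
# registry/file/process events. Paths and names are invented for the example.
EVENTS = [
    {"kind": "reg_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt",
     "value": "1"},
    {"kind": "reg_read", "path": r"HKCU\Control Panel\International\Locale"},
    {"kind": "file_create", "path": r"C:\Users\user\AppData\Roaming\dropped\dropped.exe"},
    {"kind": "process_create", "image": r"C:\Users\user\AppData\Roaming\dropped\dropped.exe"},
    {"kind": "file_read",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "reg_set",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "value": r"C:\Users\user\AppData\Roaming\dropped\dropped.exe"},
]
# Six constructed files gain an extra ".exe"; one ordinary rename must NOT count.
RENAMED = [r"C:\Users\user\Documents\budget.xlsx", r"C:\Users\user\Documents\notes.txt",
           r"C:\Users\user\Pictures\holiday.jpg", r"C:\Users\user\Desktop\thesis.pdf",
           r"C:\Users\user\Music\track01.mp3", r"C:\Users\user\Videos\clip.mp4"]
EVENTS += [{"kind": "file_rename", "old": p, "new": p + ".exe"} for p in RENAMED]
EVENTS.append({"kind": "file_rename", "old": r"C:\Users\user\Documents\report.docx",
               "new": r"C:\Users\user\Documents\report_final.docx"})

# Profile directories of common browsers (assumed list; extend as needed).
BROWSER_PROFILE_DIRS = (
    r"\appdata\local\google\chrome\user data",
    r"\appdata\local\microsoft\edge\user data",
    r"\appdata\roaming\mozilla\firefox\profiles",
)


def appended_extension(old, new):
    """Return the extra extension (e.g. 'exe') if `new` is `old` plus exactly
    one '.xxx' suffix; None for any other rename (moved, renamed, double suffix)."""
    if not new.startswith(old):
        return None
    m = re.fullmatch(r"\.([A-Za-z0-9]{1,5})", new[len(old):])
    return m.group(1).lower() if m else None


def evaluate(events, rename_threshold=5):
    """Run the signature checks over an event list and return {signature: detail}.
    The threshold is assumed; a sandbox would tune it (the report counted 86)."""
    hits = {}
    renamed = Counter()   # appended extension -> number of files
    created = set()       # files the sample wrote, to catch dropped-EXE execution
    for ev in events:
        kind = ev["kind"]
        if kind == "reg_set":
            path = ev["path"].lower()
            if path.endswith(r"\explorer\advanced\hidefileext") and ev.get("value") == "1":
                hits["hides_file_extensions"] = ev["path"]
            if "\\currentversion\\run\\" in path:   # Run only; RunOnce would need its own check
                hits["run_key_persistence"] = ev["path"]
        elif kind == "reg_read" and ev["path"].lower().startswith(r"hkcu\control panel\international"):
            hits["checks_locale"] = ev["path"]
        elif kind == "file_create":
            created.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in created:
            hits["executes_dropped_exe"] = ev["image"]
        elif kind == "file_read" and any(d in ev["path"].lower() for d in BROWSER_PROFILE_DIRS):
            hits.setdefault("reads_browser_profile", []).append(ev["path"])
        elif kind == "file_rename":
            ext = appended_extension(ev["old"], ev["new"])
            if ext:
                renamed[ext] += 1
    total = sum(renamed.values())
    if total >= rename_threshold:
        ext, _ = renamed.most_common(1)[0]
        hits["mass_rename_appended_ext"] = {"count": total, "extension": ext}
    return hits


if __name__ == "__main__":
    for name, detail in evaluate(EVENTS).items():
        print(f"{name}: {detail}")
```

The rename check is deliberately strict: only `old + ".xxx"` counts, so a move or an in-place rename such as report.docx -> report_final.docx is ignored and a double suffix (.bak.exe) is not counted either. The dropped-EXE check keys on the sample having written the file first, which is what separates "executes dropped EXE" from launching a pre-existing binary.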
