General

  • Target

    2025-05-30_548a5305bf89b6cf7d4a80eaa2281944_elex_virlock

  • Size

    230KB

  • Sample

    250530-bz8d2scq2v

  • MD5

    548a5305bf89b6cf7d4a80eaa2281944

  • SHA1

    04c8a3f78b60cea14b1f735107d83d6ab018fd62

  • SHA256

    43d1294549b0ae0a831842aaa908fcea806f169a2ffda7da2b866c6741ffd85b

  • SHA512

    b10266ef790c5be642962ae15d92ab24bfa71eba6f3fd277d4894071b66f313e2f9dd65dcb08b3c543a04c7c23e359562d4baf0c1701053aea1fb0d04a907373

  • SSDEEP

    6144:CbA4m8dEQ5eNtC17AfwznKeRfbDwOmTUqj1HZrzU9edP0fGUD:YEWeciwz1fbcOmTUqj1HZZdP4GU

Targets

    • Target

      2025-05-30_548a5305bf89b6cf7d4a80eaa2281944_elex_virlock

    • Size

      230KB

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (91) files with an added filename extension

      This suggests ransomware activity: files across the system are being encrypted.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application
