General

  • Target

    2025-06-30_a733a3de85de1b61434be452a00c74e6_elex_virlock

  • Size

    758KB

  • Sample

    250630-zjph1avpw7

  • MD5

    a733a3de85de1b61434be452a00c74e6

  • SHA1

    d04fb1364200caeec1301f0d3ea88da58c00c6ad

  • SHA256

    903bfc28d695154dfd4ae3d5889f7d90f267758ce48f59222418c3fdeacc4313

  • SHA512

    6dddf17d3cc3e02086e062c502d60f62bd6203dc18c6263751ce3f202f6b27bffe9a1391ca4ea051f69669b82416f9c41d1fc45071e8359f15164f1c5e4f2f5a

  • SSDEEP

    12288:YtC5Ug1sG2eA5q+X/GF5YBPVtQpYhlOmN2yEOb1NX7EkUjlqvva:RUUEH51Xm5YBPdDNcq1Ncava
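Before relying on any of the behaviour listed on this page, confirm that the file you hold is the one the sandbox ran. The script below is an added example, not part of the report or of any sandbox tooling: it pulls the MD5/SHA1/SHA256/SHA512 values out of text laid out like the block above, streams a local file through all four algorithms in one pass, and reports a per-algorithm verdict. The embedded excerpt reuses the values printed above; the file path and the `"abc"` input used for self-checking are assumptions. SSDEEP is deliberately not compared here because it is a fuzzy hash and needs the ssdeep library rather than hashlib.

```python
import hashlib
import io

# Hash values copied from the sandbox report; nothing here recomputes them.
REPORTED_HASHES = {
    "md5": "a733a3de85de1b61434be452a00c74e6",
    "sha1": "d04fb1364200caeec1301f0d3ea88da58c00c6ad",
    "sha256": "903bfc28d695154dfd4ae3d5889f7d90f267758ce48f59222418c3fdeacc4313",
    "sha512": ("6dddf17d3cc3e02086e062c502d60f62bd6203dc18c6263751ce3f202f6b27bf"
               "fe9a1391ca4ea051f69669b82416f9c41d1fc45071e8359f15164f1c5e4f2f5a"),
}

# Expected hex length per algorithm; a truncated or mangled value is rejected while parsing.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Excerpt in the report's own bullet layout (label line, blank line, value line).
REPORT_EXCERPT = """
  • MD5

    a733a3de85de1b61434be452a00c74e6

  • SHA1

    d04fb1364200caeec1301f0d3ea88da58c00c6ad

  • SHA256

    903bfc28d695154dfd4ae3d5889f7d90f267758ce48f59222418c3fdeacc4313

  • SHA512

    6dddf17d3cc3e02086e062c502d60f62bd6203dc18c6263751ce3f202f6b27bffe9a1391ca4ea051f69669b82416f9c41d1fc45071e8359f15164f1c5e4f2f5a

  • SSDEEP

    12288:YtC5Ug1sG2eA5q+X/GF5YBPVtQpYhlOmN2yEOb1NX7EkUjlqvva:RUUEH51Xm5YBPdDNcq1Ncava
"""


def parse_report_hashes(text):
    """Return {algo: hexvalue} for every label/value pair found in report-style text.

    Bullets and blank lines are stripped first, so a label is always followed directly
    by its value. Values of the wrong length are ignored rather than guessed at.
    """
    lines = [ln.strip().lstrip("•").strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]
    found = {}
    for label, value in zip(lines, lines[1:]):
        algo = label.lower()
        if algo in HEX_LEN and len(value) == HEX_LEN[algo] and all(c in "0123456789abcdefABCDEF" for c in value):
            found[algo] = value.lower()
    return found


def digest_stream(fh, chunk_size=1 << 20):
    """Stream a file-like object through all four algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in HEX_LEN}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def compare(computed, reported):
    """Per-algorithm verdict. A reported algorithm missing from `computed` counts as a
    mismatch, so a partial computation can never pass by omission."""
    return {algo: computed.get(algo) == value.lower() for algo, value in reported.items()}


def verify_sample(path, report_text=REPORT_EXCERPT):
    """Hash the file at `path` (assumed local copy of the sample) against the report's values."""
    reported = parse_report_hashes(report_text)
    if not reported:
        raise ValueError("no hash values found in report text")
    return compare(digest_file(path), reported)


if __name__ == "__main__":
    import sys
    for algo, ok in verify_sample(sys.argv[1]).items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
```

Run it as `python verify.py <path-to-sample>`; any `MISMATCH` line means the file is not the one this report describes (a re-packed or patched copy will differ in every algorithm, a hash collision in only one is not something you will see in practice).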

Targets

    • Modifies visibility of file extensions in Explorer

      Explorer's HideFileExt setting controls this; with extensions hidden, a file renamed to invoice.docx.exe is displayed as invoice.docx, so the renamed files below look untouched to the user.

    • Renames multiple (78) files with added filename extension

      Appending an extension to many user files in quick succession is characteristic of ransomware encrypting data across the system; 78 is the count observed during the sandbox run, not the total on the host.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

      Persistence: the application is launched again at every logon.

    • Drops file in System32 directory
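Three of the signatures above (hidden extensions, the Run key, the mass rename with an appended extension) can be checked on a host with nothing but a registry read and a file-system event log. The code below is an added example, not part of the report or of any sandbox product: the detection logic is written over a constructed registry snapshot and a constructed list of rename events so it runs offline; on a live Windows host the snapshot would be filled from `winreg` instead. The Explorer\Advanced `HideFileExt` value and the CurrentVersion\Run keys are the real locations; the `Update` autostart entry, its path, the rename events and the threshold of 10 are made-up illustration data, not indicators from this sample.

```python
from collections import Counter

# Real registry locations for two of the report's signatures:
#   HideFileExt (1 = hidden) under Explorer\Advanced; Run keys list programs started at logon.
HIDE_EXT_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Directories a non-admin user can write to; an autostart entry pointing here deserves a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed snapshot standing in for what winreg would return on a live host.
# The "Update" entry and its path are illustration data, not indicators from the report.
SNAPSHOT = {
    HIDE_EXT_KEY: {"HideFileExt": 1},
    RUN_KEYS[0]: {
        "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
        "Update": r"C:\Users\victim\AppData\Roaming\Update\update.exe",
    },
}

# Constructed rename events (old path, new path) as a file-system monitor would record them.
SAMPLE_RENAMES = [
    (rf"C:\Users\victim\Documents\file{i}.docx", rf"C:\Users\victim\Documents\file{i}.docx.exe")
    for i in range(12)
] + [
    # benign: a save-as, the old name is not preserved
    (r"C:\Users\victim\Documents\~draft.tmp", r"C:\Users\victim\Documents\draft.docx"),
    # benign: an extension swap rather than an appended one
    (r"C:\Users\victim\Pictures\img.jpeg", r"C:\Users\victim\Pictures\img.jpg"),
]


def extensions_hidden(snapshot):
    """True when Explorer is configured to hide file extensions."""
    return snapshot.get(HIDE_EXT_KEY, {}).get("HideFileExt") == 1


def suspicious_run_entries(snapshot):
    """Autostart entries whose command lives in a user-writable directory."""
    hits = []
    for key in RUN_KEYS:
        for name, command in snapshot.get(key, {}).items():
            if any(marker in command.lower() for marker in USER_WRITABLE_MARKERS):
                hits.append((key, name, command))
    return hits


def appended_extension_renames(events):
    """Renames where the new name is the old name plus exactly one extra extension,
    e.g. report.docx -> report.docx.exe. Extension swaps and save-as patterns do not match."""
    hits = []
    for old, new in events:
        tail = new[len(old):]
        if (new.lower().startswith(old.lower())
                and tail.startswith(".") and len(tail) > 1 and tail.count(".") == 1):
            hits.append((old, new))
    return hits


def triage(snapshot, events, threshold=10):
    """Combine the three checks into one verdict dict; `threshold` is an assumed tuning value."""
    hits = appended_extension_renames(events)
    exts = Counter(new.rsplit(".", 1)[-1].lower() for _, new in hits)
    return {
        "extensions_hidden": extensions_hidden(snapshot),
        "suspicious_autostart": [name for _, name, _ in suspicious_run_entries(snapshot)],
        "appended_renames": len(hits),
        "appended_extensions": dict(exts),
        "mass_rename": len(hits) >= threshold,
    }


if __name__ == "__main__":
    for field, value in triage(SNAPSHOT, SAMPLE_RENAMES).items():
        print(f"{field}: {value}")
```

The rename check keys on the original name surviving intact with one segment appended, which is what "added filename extension" in the signature means; a single hit is noise (backup tools do the same), so the verdict is driven by the count and by the set of appended extensions, which for this sample would be reviewed alongside the hidden-extension setting that makes the change invisible in Explorer.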

MITRE ATT&CK Enterprise v16