General

  • Target

    2025-07-01_9bed7b438457926e60feaa7dcf90f8b1_elex_virlock

  • Size

    629KB

  • Sample

    250701-j31sdadr2y

  • MD5

    9bed7b438457926e60feaa7dcf90f8b1

  • SHA1

    0a522fc2e44bc1c92f427b6a7a3ec1f24eabbaef

  • SHA256

    187ec2a8c62642f410e236beb8a5138adca4f84b67877e92773bc0ab9202ecb0

  • SHA512

    23f715cf55fede5100549897f38efeaed4b4187e2398af44158c6e9da10f7b5801ca455226acb4570315214eeea5d30da310e5f8653c79c14848442615543310

  • SSDEEP

    12288:dk0q0hUqCO54oqDdg/RxrdTOr7nguQdJaHfaOQI7BEWylS:dkf8ODdgZxZs7gLr8aOQ4EWyU

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (94) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16