General

  • Target

    2025-07-01_bde3f8cf4ce3eca331b6e8148bc936b4_elex_virlock

  • Size

    225KB

  • Sample

    250701-j618bassgw

  • MD5

    bde3f8cf4ce3eca331b6e8148bc936b4

  • SHA1

    0f10c2c2d00126cc007c5de9b107e24e66b28328

  • SHA256

    4ba21633211fb5ff53576b91d77dec288c795bef50a9c945799c6709b5ee6a50

  • SHA512

    dfd40dbc69231230c22ad23869107d66a21564b2ec3c29780b15c83de9572d7a7fe4c077ef16ce5f43d56fec20b8a3404abafeefb19568cb3042eb616699786b

  • SSDEEP

    3072:xtKGpU8k1aWVbLTw+MyWYDSIwfcfyQUfClMMCgu7btZkwBAlQtkSX9iu:xtKD8JE3Tw+GzMyQUfKMM9q0ps9iu

Malware Config

Targets

    • Target

      2025-07-01_bde3f8cf4ce3eca331b6e8148bc936b4_elex_virlock

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Drops file in System32 directory
