General

  • Target

    2025-07-01_59aebf06822176d8d8fcb832ae117039_elex_virlock

  • Size

    307KB

  • Sample

    250701-jcky8shj2w

  • MD5

    59aebf06822176d8d8fcb832ae117039

  • SHA1

    10d5eb7b9bdd4707c784a84646d4d2e89efbb1f7

  • SHA256

    c75789db21daa0c39830b9f953fce46cb4660d3d700e00112fe06427a87bf9e4

  • SHA512

    4544042c8ff8f92d180925d02c3496ca12d4f78e71ff3b521e948e78a81428d96fecf48555249a5b54684f2535132d8a6b18972b0a435500dd00c1e2b1e14d77

  • SSDEEP

    6144:cdzk65IctfTsNZMZwhZnLKJZ3DSMuUprCWclPAA08MlQWYGcngNE:cdzDI8A9hK5SMJrsYA08wO

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (88) files with added filename extension

      This is consistent with ransomware activity: encrypting files across the system and appending a new extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16