General

  • Target

    2025-07-01_65ca4455ba616a13de512471537c3241_elex_virlock

  • Size

    784KB

  • Sample

    250701-jx55xadp91

  • MD5

    65ca4455ba616a13de512471537c3241

  • SHA1

    11b844b666df58d280e213964b3e8b87dacbff93

  • SHA256

    4c8f811be36d50d55619cf56719ff575ce8fad442235c9b9f922d17325765e7c

  • SHA512

    c1feeb335e7eb168b9916266fc7dcaae1edf449c61fe06c131fbd432e5d31b7437f05e0352306fab93a52d627c2c9dd830e8bd3c2b96178bf2770514b9fcc71d

  • SSDEEP

    6144:aYbhncNF8/ZTq0VJaVOlYB0MEZKxt6fQ/tbHRDMF3aWOHHk:aecN6/U1ChaWOH

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (88) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory
