General

  • Target

    2025-07-01_17243a2ca6a905c71fc1a9cad1bd772b_elex_virlock

  • Size

    221KB

  • Sample

    250701-jyfawatkx6

  • MD5

    17243a2ca6a905c71fc1a9cad1bd772b

  • SHA1

    a03911239f3770281c0540c0732efea0a1f05d72

  • SHA256

    9c682b534144d66f2a63429d80cb30a711003bffbd8d470db81207fd8d3db5da

  • SHA512

    6e97e4274ba6e53d73eb410ec626e5a754f2a2c74952b520c7a5787bb594a508f0d3408518c0b521fea9083226ccf52fa117317130a7e7b43b7256d71978d45a

  • SSDEEP

    6144:Sa799s4HqUtpDh6Ml2U2W9kRpqtRYzkuPMOwMUp1:5799s4Kspj2Ikviuy

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (90) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other profile data.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks