General

  • Target

    2025-07-04_48f6979d7f3849aa25ce1ca6fb9d9c00_elex_virlock

  • Size

    649KB

  • Sample

    250704-t4l1qawshs

  • MD5

    48f6979d7f3849aa25ce1ca6fb9d9c00

  • SHA1

    4862b0f7a518dc7f121e276465ca2ec581e013f7

  • SHA256

    71bc1ff7edc0b7032669394512a10476097a17c932b4e34f7d301caa2dcf9ca6

  • SHA512

    4e65d8bbacefa4e299954129729afef655cf2f843a5f2316f03c0af18f3fd6240292c6ecbec84b397cc9a5fa129a368edb02fe3f6944ab740749e501bd17f011

  • SSDEEP

    12288:/9rtwuiRSYEzGYRuy44Z/asNMGmqMcjASTraDfcf434sYNOxvXpxibmrS9:/LwZRSYBr4Z/tN8hcjASTraDfcf44sYt

Malware Config

Targets

    • Target

      2025-07-04_48f6979d7f3849aa25ce1ca6fb9d9c00_elex_virlock

    • Size

      649KB

    • MD5

      48f6979d7f3849aa25ce1ca6fb9d9c00

    • SHA1

      4862b0f7a518dc7f121e276465ca2ec581e013f7

    • SHA256

      71bc1ff7edc0b7032669394512a10476097a17c932b4e34f7d301caa2dcf9ca6

    • SHA512

      4e65d8bbacefa4e299954129729afef655cf2f843a5f2316f03c0af18f3fd6240292c6ecbec84b397cc9a5fa129a368edb02fe3f6944ab740749e501bd17f011

    • SSDEEP

      12288:/9rtwuiRSYEzGYRuy44Z/asNMGmqMcjASTraDfcf434sYNOxvXpxibmrS9:/LwZRSYBr4Z/tN8hcjASTraDfcf44sYt

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (87) files with added filename extension

      This suggests ransomware activity: the files are encrypted across the system and each one is marked with a new extension.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory
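
The signatures above are the sandbox's verdicts; the script below shows how the same behaviours can be flagged from endpoint telemetry. It is an added example and is not code from the report, the sandbox, or the sample. The event records are a constructed, Sysmon-like simplification, the registry paths are the conventional locations for each setting rather than paths observed from this sample, and the rename threshold and dropped-file names are assumptions made for the demo.

```python
"""Flag the report's listed behaviours in a stream of process telemetry.

Added example, not part of the report. Events are constructed records
(type plus a few fields) for a single process tree; the registry paths
are conventional locations, not values taken from the sample's trace.
"""

# Conventional locations (assumptions, not observed from the sample).
HIDE_FILE_EXT = r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt"
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run" + "\\"
GEO_MARKERS = (r"\Control Panel\International\Geo\Nation", r"\Control\Nls\Locale")
SYSTEM32 = r"c:\windows\system32" + "\\"
RENAME_THRESHOLD = 20   # assumed tuning knob; the report counted 87 renames


def build_events():
    """Constructed telemetry for one process tree; file names are made up."""
    events = [
        {"type": "reg_set", "path": "HKCU" + HIDE_FILE_EXT, "data": 1},
        {"type": "reg_read", "path": r"HKCU\Control Panel\International\Geo\Nation"},
        {"type": "file_create", "path": r"C:\Windows\System32\dropped.exe"},
        {"type": "reg_set", "path": "HKCU" + RUN_KEY + "Updater",
         "data": r"C:\Windows\System32\dropped.exe"},
        {"type": "proc_create", "image": r"C:\Windows\System32\dropped.exe"},
    ]
    # Bulk renames that keep the original name and append an extension.
    for i in range(25):
        src = rf"C:\Users\u\Documents\doc{i}.docx"
        events.append({"type": "file_rename", "src": src, "dst": src + ".exe"})
    # A rename that changes the name entirely must not count as "added extension".
    events.append({"type": "file_rename", "src": r"C:\Users\u\a.txt", "dst": r"C:\Users\u\b.txt"})
    return events


def detect(events):
    """Return a dict of finding name -> supporting detail for the event stream."""
    findings = {}
    renames = 0
    dropped = set()          # files this process tree created, for execute-dropped-EXE
    for ev in events:
        kind = ev["type"]
        if kind == "reg_set":
            path = ev["path"].lower()
            if path.endswith(HIDE_FILE_EXT.lower()) and str(ev.get("data")) == "1":
                findings["hides_file_extensions"] = ev["path"]
            elif RUN_KEY.lower() in path:
                findings["run_key_persistence"] = ev.get("data")
        elif kind == "reg_read":
            if any(m.lower() in ev["path"].lower() for m in GEO_MARKERS):
                findings["checks_location"] = ev["path"]
        elif kind == "file_create":
            dropped.add(ev["path"].lower())
            if ev["path"].lower().startswith(SYSTEM32):
                findings["drops_in_system32"] = ev["path"]
        elif kind == "file_rename":
            src, dst = ev["src"].lower(), ev["dst"].lower()
            # Count only renames of the form <original>.<new ext>.
            if dst.startswith(src + "."):
                renames += 1
        elif kind == "proc_create":
            if ev["image"].lower() in dropped:
                findings["executes_dropped_exe"] = ev["image"]
    if renames >= RENAME_THRESHOLD:
        findings["mass_rename_added_extension"] = renames
    return findings


if __name__ == "__main__":
    for name, detail in detect(build_events()).items():
        print(f"{name}: {detail}")
```

The rename rule deliberately requires the destination to be the source name plus a new suffix, so ordinary renames do not inflate the count; the threshold is where a real deployment would tune against baseline noise from backup or archiving tools.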

MITRE ATT&CK Enterprise v16

Tasks