General

  • Target

    2025-07-04_4b07280aa5cc9aeb068f7b8ab19ce1a0_elex_virlock

  • Size

    1.6MB

  • Sample

    250704-t4qc5swp14

  • MD5

    4b07280aa5cc9aeb068f7b8ab19ce1a0

  • SHA1

    1f81a0006ddaeada9885b4095dc7dcfea00ad5cb

  • SHA256

    f95090ece433b1c05cfbba952274f9703fe6ede52408aad7c696852e714bbd45

  • SHA512

    4e0ac72ebfc3a77e3d77e1479f7664b17f8086a59743a6e81b0b1f2286cb9db56d74fe7d4034b1a171fb826262738ea34d243c4b245f065aef0c0e0f08bea0f2

  • SSDEEP

    12288:zeZh4HwZHa7HXP+l2SpNNxO7sjqcPJ0lXbszhBPJZrSVBiGLaOt3sPK26SnpXaBg:yZaHeOf+4SHNsby6uQcnHt

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (76) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks