General

  • Target

    2025-07-04_7a164690d998ee11ec3dd5ae2f1167a8_elex_virlock

  • Size

    319KB

  • Sample

    250704-vb4kqsbk4y

  • MD5

    7a164690d998ee11ec3dd5ae2f1167a8

  • SHA1

    47e61f0262114c72b29031e77d755622716bd696

  • SHA256

    2e94881a55646d2ef991abeda8abde9882ed887d534595e8b720552ff2a0e2e4

  • SHA512

    f169be7806fac34dac2ee51aa7722ad50f05620ed7f9e69ac7cb227afad4359097e18b8d2d42f085f1f6f69d7966996ad3e8af25faaf83f033733a5a5877b661

  • SSDEEP

    6144:AB1iZvasjBArxbZgtOklTstMbtzKXsKJdveVwQ/Z+S:i1iZXlAMY9MbA8KPeVG

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (78) files with added filename extension

      This suggests ransomware activity: the sample encrypts the files on the system and appends an extension to each one.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16