General

  • Target

    2025-07-04_8a66288f42d8a456c1f8f98eb7f0171b_elex_virlock

  • Size

    198KB

  • Sample

    250704-vdm1rswvds

  • MD5

    8a66288f42d8a456c1f8f98eb7f0171b

  • SHA1

    76ec76165f1d733795eadd7726319fd51e6797f8

  • SHA256

    726a8e696fd986af41c5684f4efd3e599e6dbe9d86d26cde7350ba7157c8e0fc

  • SHA512

    2d34a4db96bdd744da1327a83d7e165f6058e7ccdbb2fc5c7a7e978c86695216b9e2ca02c4957ad3f68be57623825b6a1ddc4f576bed12ab507372b758cb8de4

  • SSDEEP

    6144:rvMX2wToWaR188zKLCu9ReRjaZ2DyNqdBN:r0Xe+ReRWKyK

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (86) files with added filename extension

      This suggests ransomware activity: encrypting files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks