General

  • Target

    2025-07-04_ba80a64ea6be8fe51ebab5e63806fdeb_elex_virlock

  • Size

    193KB

  • Sample

    250704-vh45vabm21

  • MD5

    ba80a64ea6be8fe51ebab5e63806fdeb

  • SHA1

    48f93e3e3b7150fb3b6cc02dd29a71f742410308

  • SHA256

    f14e76dc0c6fa68806a5385acb1c585ecaee3859bf951e79c5415f914e757682

  • SHA512

    4d8d0768230bfa29cbfd4b186ecf75c7f306cb996dead48eea8b2841fd882f8565fd70cfa53fcdb83bfbe06faf1991285ccf9d3288382128e0975213dce24be9

  • SSDEEP

    3072:ZttEpeS5pDkE6YxfoDm4eJ9xICBE6PUPLlKFvMSVy1kNVFEbQzUMrKPR:5EDDkE6eoSdrxIuX8PJNSVFFEbSUsKJ

Malware Config

Targets

    • Target

      2025-07-04_ba80a64ea6be8fe51ebab5e63806fdeb_elex_virlock

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files on the system and appending an extension to each.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks