General

  • Target

    2025-07-04_edde6145658f9a47238a9cddd7ac0639_elex_virlock

  • Size

    767KB

  • Sample

    250704-vqv7xabp2y

  • MD5

    edde6145658f9a47238a9cddd7ac0639

  • SHA1

    310ee8c7524c9e3bfa7b7bcf202c6b18f11eb409

  • SHA256

    85448bb378f0653d115d75b937391108049a95753a1970defb4ef048d5a87054

  • SHA512

    b33e47af07b3f885c6980bb5fc358cb9da782576de2f05ed078cad6befaa9ef09bd1a5085769df582699b09a550152d77765bf1462bd9d34720b6ed57cd1bf7e

  • SSDEEP

    3072:MpyQo0XKNnr8tDEBugxxdxp4q4yy1uFBcFDfi64ue4w3Z5eqkZ3:Mpza5r81GDO3yy1DFDfv4ue4wve3Z3

Targets

    • Modifies visibility of file extensions in Explorer

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16
