90ff170d85e08d33e549507b81c800f80ab623e7b48e7799b3e680278c977a54 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-06-17...ck.exe

windows10-2004-x64

2025-06-17...ck.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

2025-06-17_794057eeeeadcd58344e2903bc296c21_elex_virlock
Size

190KB
Sample

250617-mdjz4sywev
MD5

794057eeeeadcd58344e2903bc296c21
SHA1

2a4e094712bfbfc6cc21284888e30729a818c2c5
SHA256

90ff170d85e08d33e549507b81c800f80ab623e7b48e7799b3e680278c977a54
SHA512

f36ae5a3d5f4a6e5fb97762f85fc97bb1fe648c22402f7966e0e25fd4e2f26adddb98e9ab0958159908c8dbd7efd7a046529fda082379893678b0bfe0139c56b
SSDEEP

3072:EQj1fXryS7q4m551YDL0jQ74p6LXuDspOzpuUrEckGPLyBes:dS407yh7+6ruDspONuU+sfs

Score

10^/10

defense_evasion discovery persistence ransomware spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-06-17_794057eeeeadcd58344e2903bc296c21_elex_virlock.exe

Resource

win10v2004-20250610-en

defense_evasion discovery persistence ransomware spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-06-17_794057eeeeadcd58344e2903bc296c21_elex_virlock.exe

Resource

win11-20250610-en

defense_evasion discovery persistence ransomware spyware stealer trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-06-17_794057eeeeadcd58344e2903bc296c21_elex_virlock
- Size
  
  190KB
- MD5
  
  794057eeeeadcd58344e2903bc296c21
- SHA1
  
  2a4e094712bfbfc6cc21284888e30729a818c2c5
- SHA256
  
  90ff170d85e08d33e549507b81c800f80ab623e7b48e7799b3e680278c977a54
- SHA512
  
  f36ae5a3d5f4a6e5fb97762f85fc97bb1fe648c22402f7966e0e25fd4e2f26adddb98e9ab0958159908c8dbd7efd7a046529fda082379893678b0bfe0139c56b
- SSDEEP
  
  3072:EQj1fXryS7q4m551YDL0jQ74p6LXuDspOzpuUrEckGPLyBes:dS407yh7+6ruDspONuU+sfs
Score

10^/10

defense_evasion discovery persistence ransomware spyware stealer trojan
- Modifies visibility of file extensions in Explorer
  defense_evasion
- UAC bypass
  defense_evasion trojan
- Renames multiple (90) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceransomwarespywarestealertrojan

behavioral2

defense_evasiondiscoverypersistenceransomwarespywarestealertrojan

© 2018-2025

Terms | Privacy