General
-
Target
0d683d2e4fa69e5a5780ffcec285131df7d3467d0f5483ad7d1e918160817886
-
Size
2.2MB
-
Sample
210921-kd7p3aghc3
-
MD5
5b61e933fb4b526837a23637ff6bef7e
-
SHA1
34056a337b596b2bf2682df0ec1247b0ad14a972
-
SHA256
0d683d2e4fa69e5a5780ffcec285131df7d3467d0f5483ad7d1e918160817886
-
SHA512
2f7ec6cfac3a671334e900d59dd8cd7e66d8ce8ff61e71ac47d805f17e7ccc0ad2066e8c477a0597d318a6802b1a9e7fdcf1890ac08ba45b0cb8cfc938498ea0
Malware Config
Targets
-
-
Target
0d683d2e4fa69e5a5780ffcec285131df7d3467d0f5483ad7d1e918160817886
-
Size
2.2MB
-
MD5
5b61e933fb4b526837a23637ff6bef7e
-
SHA1
34056a337b596b2bf2682df0ec1247b0ad14a972
-
SHA256
0d683d2e4fa69e5a5780ffcec285131df7d3467d0f5483ad7d1e918160817886
-
SHA512
2f7ec6cfac3a671334e900d59dd8cd7e66d8ce8ff61e71ac47d805f17e7ccc0ad2066e8c477a0597d318a6802b1a9e7fdcf1890ac08ba45b0cb8cfc938498ea0
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-