General
Target: chaosgate.zip
Size: 146KB
Sample: 220211-ht6rladgep
MD5: da2a03719064154d95a16085ae5b642f
SHA1: 529a9376101a05298d027fa82b07f25d225c2abd
SHA256: 3e044ab5ff896fbe79fdb0064c5be49986fe22c43692dcd0e3da6f1500440860
SHA512: c8ed8f339b94b87990516d7c32948cf6630d482c1aab4b1ebac5293c3c155695a24732144e7bc885049ebfd1658a5c50878d5fd47cfa2ecbeb97dbbc7488eb93
Static task: static1
Behavioral task: behavioral1
  Sample: 0a144c8c7a27b14415064cf3e8a031fa19b59970427c1d00b9bf4a129fc94c56.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 0a144c8c7a27b14415064cf3e8a031fa19b59970427c1d00b9bf4a129fc94c56.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted from: C:\Users\Admin\Desktop\read_me.txt
Targets
Target: 0a144c8c7a27b14415064cf3e8a031fa19b59970427c1d00b9bf4a129fc94c56.exe
Size: 314KB
MD5: 9ccf43bbfaccb1a377e0b87f3f7f538c
SHA1: 91d70b30f9232435776d0f6839f6ff7ac4fb586d
SHA256: 0a144c8c7a27b14415064cf3e8a031fa19b59970427c1d00b9bf4a129fc94c56
SHA512: 64373dc9798701747581c01bb21c4ba672c948e4232b4d1db8ec6a492581147451e31509a3e3f2be647fd4cea95783b4c83f7764f181508ae20c4887001a672c
Score: 10/10
- Chaos Ransomware
- Modifies boot configuration data using bcdedit
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
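The signature list above records what the sandbox saw, not how to recognise the same behaviour in your own endpoint telemetry. The following Python is an added example written for this page; it is not part of the sandbox report and not code from the sample. It runs equivalent checks over a handful of constructed Sysmon-style events (process creation, file creation, registry value set). The event records, the file names and the Startup-folder artifact are hypothetical; the bcdedit recovery-tampering arguments and the Control Panel\Desktop\WallPaper value are the well-known locations such signatures key on and are assumed here rather than taken from this report.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events. Hypothetical records written for this
# example, not telemetry from the report above. IDs follow Sysmon:
# 1 = process create, 11 = file create, 13 = registry value set.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c bcdedit /set {default} recoveryenabled no"},
    {"id": 13, "target": r"HKU\S-1-5-21-1\Control Panel\Desktop\WallPaper",
     "details": r"C:\Users\Admin\AppData\Local\Temp\note.jpg"},
    {"id": 11, "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url"},
    {"id": 11, "target": r"C:\Users\Admin\Documents\budget.xlsx.zxcv"},
    {"id": 11, "target": r"C:\Users\Admin\Documents\notes.txt.zxcv"},
    {"id": 11, "target": r"C:\Users\Admin\Pictures\cat.png.zxcv"},
    {"id": 11, "target": r"C:\Users\Admin\Desktop\read_me.txt"},
    {"id": 11, "target": r"C:\Users\Admin\Documents\desktop.ini"},
]

# bcdedit invocations that disable Windows recovery / automatic repair.
BCDEDIT_TAMPER = re.compile(
    r"bcdedit(?:\.exe)?\b.*?(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)",
    re.IGNORECASE)
# Per-user wallpaper value; a write here from a non-shell process is unusual.
WALLPAPER_KEY = re.compile(r"\\Control Panel\\Desktop\\WallPaper$", re.IGNORECASE)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
USER_PROFILE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\", re.IGNORECASE)
# "name.docx.zxcv": a common document extension with another one appended,
# the shape left behind when an encryptor tags its output files.
DOUBLE_EXT = re.compile(
    r"\.(?:docx?|xlsx?|pptx?|pdf|txt|jpe?g|png)\.([A-Za-z0-9]{2,8})$", re.IGNORECASE)

MASS_RENAME_THRESHOLD = 3  # distinct user files sharing one appended extension


def detect(events, threshold=MASS_RENAME_THRESHOLD):
    """Return {signal_name: [evidence, ...]} for the behaviours in the report."""
    hits = defaultdict(list)
    appended_exts = defaultdict(list)
    for ev in events:
        if ev["id"] == 1:
            cmd = ev.get("cmdline", "")
            if BCDEDIT_TAMPER.search(cmd):
                hits["bcdedit_recovery_tamper"].append(cmd)
        elif ev["id"] == 13:
            if WALLPAPER_KEY.search(ev["target"]):
                hits["wallpaper_set_via_registry"].append(ev["details"])
        elif ev["id"] == 11:
            path = ev["target"]
            if STARTUP_DIR.search(path):
                hits["startup_file_dropped"].append(path)
            if USER_PROFILE.match(path):
                if path.lower().endswith(r"\desktop.ini"):
                    hits["desktop_ini_dropped"].append(path)
                m = DOUBLE_EXT.search(path)
                if m:
                    appended_exts[m.group(1).lower()].append(path)
    # Only report an extension change once enough files share the new suffix.
    for ext, paths in appended_exts.items():
        if len(paths) >= threshold:
            hits["mass_extension_change"].append((ext, len(paths)))
    return dict(hits)


def verdict(hits):
    """Encryption side effects plus recovery tampering together read as ransomware."""
    encrypting = "mass_extension_change" in hits
    anti_recovery = "bcdedit_recovery_tamper" in hits
    if encrypting and anti_recovery:
        return "ransomware"
    if encrypting or anti_recovery:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for name, evidence in found.items():
        print(f"{name}: {evidence}")
    print("verdict:", verdict(found))
```

The "Checks computer location settings" signature is deliberately absent from the checks: it is a registry read, and Sysmon's registry events (12, 13, 14) cover only key creation and deletion, value sets and renames, so a geofence lookup does not appear in this kind of telemetry. The wallpaper and desktop.ini signals are low-confidence on their own; the verdict rests on the bcdedit tampering and the mass extension change, which is why those two are the only ones it weighs.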