Extracted

• • Target

    a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.bin

  • Size

    26KB

  • MD5

    cf6ff9e0403b8d89e42ae54701026c1f

  • SHA1

    a4f5cb11b9340f80a89022131fb525b888aa8bc6

  • SHA256

    a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b

  • SHA512

    dca369de908ff4d8a6b095243d8837ad9eb885c78544565586196451f99303e9beb8635e01254514b485f22298b3eaf69afb3666b6032959ae3e9567e78dc575

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2