Extracted

• • Target

    illegal and unillegal/dead.exe

  • Size

    985KB

  • MD5

    37a0d42671350931168039739cd65c4f

  • SHA1

    e372320a7d1d073a913891e20468932a86c4a086

  • SHA256

    8864d707d5e91e1c073e5d3bd4324793202449c647b1b1936df35fd734635d4a

  • SHA512

    2f3828bd2525dd8b6cc8daae7e2bcff2ba508c2841eaaf8a0faa359ea9e07f7387bf503c309ece096e6899627d5e9a9c90abf7d197bb8199e4db28b83d03a93c

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1

• • Target

    decrypt-decrypters/Decrypter.exe

  • Size

    218KB

  • MD5

    97f3854d27d9f5d8f9b15818237894d5

  • SHA1

    e608608d59708ef58102a3938d9117fa864942d9

  • SHA256

    fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2

  • SHA512

    25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696

  Score

  8^/10

  ransomwarespywarestealer

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral2

• • Target

    decrypt-decrypters/privateKey.chaos

  • Size

    1KB

  • MD5

    ef98e844f401ce505f3cfadd50387a2a

  • SHA1

    53152b609e4c2a5904f55ef4862463c9e97b6840

  • SHA256

    8e1978ba42d685cc1fdbfea65f2c6e6bb08d1a82601c6586c5df2984cb764c40

  • SHA512

    c2483aea1caf32e166456c85dd187cca4d5a7503c9a9194b4e5a0eac2b9762b53385c67e3eb29bab03306144479b6250907202980c494840c468713b143aa7a2

  Score

  1^/10
  behavioral3

• • Target

    decrypt-decrypters/publicKey.chaos

  • Size

    397B

  • MD5

    52e4bb13a8780d8180b2902b6214a32a

  • SHA1

    f78d461e51897af9a6dbc365031b24aca90def92

  • SHA256

    f29f3c1ab0db20f3550e78eba4a1bcec1dc76cd6df0c1b547d2229a27eb26160

  • SHA512

    3a6d5c8e863676792ec893d2f21f1314c342f294a95607032225bf12dd41f7935528bffcda43775b6059d1c7e0df746e993ca346780bf3822cd30c42ad3f145a

  Score

  1^/10
  behavioral4