General
-
Target
Trojan-Ransom.Win32.Chimera.l-ffb4a81fc336b1d77c81eef96eab0a5249ebb053c8920dd0c02e1d9f3ac257b0.exe
-
Size
384KB
-
Sample
220929-pt342aaha2
-
MD5
e6922a68fca90016584ac48fc7722ef8
-
SHA1
a039ae3f86f31a569966a94ad45dbe7e87f118ad
-
SHA256
ffb4a81fc336b1d77c81eef96eab0a5249ebb053c8920dd0c02e1d9f3ac257b0
-
SHA512
33671f3ce8ae5ce1b2852aeb3a601db82b9b8c83bc682abdebf69fb96d878edeb91a21183f1f456d18dd5ed59c797389de912c627d060866fccb580548c96319
-
SSDEEP
3072:2FHH5FeD8D/6XyNj41ozQDameUGkI81m9+ntccr8jQSaeA83KHGcQ3f4MdwtTDKd:2h5AD876CNmhza9V88A8rcw4MdmxqA
Malware Config
Targets
-
-
Target
Trojan-Ransom.Win32.Chimera.l-ffb4a81fc336b1d77c81eef96eab0a5249ebb053c8920dd0c02e1d9f3ac257b0.exe
-
Size
384KB
-
MD5
e6922a68fca90016584ac48fc7722ef8
-
SHA1
a039ae3f86f31a569966a94ad45dbe7e87f118ad
-
SHA256
ffb4a81fc336b1d77c81eef96eab0a5249ebb053c8920dd0c02e1d9f3ac257b0
-
SHA512
33671f3ce8ae5ce1b2852aeb3a601db82b9b8c83bc682abdebf69fb96d878edeb91a21183f1f456d18dd5ed59c797389de912c627d060866fccb580548c96319
-
SSDEEP
3072:2FHH5FeD8D/6XyNj41ozQDameUGkI81m9+ntccr8jQSaeA83KHGcQ3f4MdwtTDKd:2h5AD876CNmhza9V88A8rcw4MdmxqA
Score10/10-
Chimera
Ransomware which infects local and network files, often distributed via Dropbox links.
-
Chimera Ransomware Loader DLL
Drops/unpacks executable file which resembles Chimera's Loader.dll.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-