chaos | 55ff901e986a52d6e0700210a74a1ece69fdb3e0c5497f641ec6483a3c0f8751 | Triage

Submit
Reports

Overview

overview

Static

static

ebc90f7e16...41.exe

windows7-x64

ebc90f7e16...41.exe

windows10-2004-x64

Sharing

General

Target

55ff901e986a52d6e0700210a74a1ece69fdb3e0c5497f641ec6483a3c0f8751.zip
Size

329KB
Sample

221005-ql79fsede6
MD5

2f0c08446e6f6dd75aceaf67ebad2f77
SHA1

a58dd9be0907debb8f39cb357e458a93612ac79c
SHA256

55ff901e986a52d6e0700210a74a1ece69fdb3e0c5497f641ec6483a3c0f8751
SHA512

76b12e89c69105ca97075b2490870248813ae732bdbeb1c161b46bd4ba13d3a74b8e7d7f901b031a909cd8a6c42af03f703a99c63b5136648b2e7fe97470a8c7
SSDEEP

6144:gcVbL0hiIOM8+LDCvzCnQHw67feMv8KiPuTL94H:gcVJIOd+vCvnJ8tPuF4H

Score

10^/10

chaos evasion persistence ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ebc90f7e16ee51150267c78495d59e3a2a2b3880c7541ca3df0ff287b528fc41.exe

Resource

win7-20220812-en

chaos evasion persistence ransomware spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

ebc90f7e16ee51150267c78495d59e3a2a2b3880c7541ca3df0ff287b528fc41.exe

Resource

win10v2004-20220901-en

chaos evasion persistence ransomware spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  ebc90f7e16ee51150267c78495d59e3a2a2b3880c7541ca3df0ff287b528fc41.exe
- Size
  
  329KB
- MD5
  
  eb9c6acdedd1e8a8bfd266403bfd520a
- SHA1
  
  c835f8e3fe7f35b7c61cffe842056bd573ce939b
- SHA256
  
  ebc90f7e16ee51150267c78495d59e3a2a2b3880c7541ca3df0ff287b528fc41
- SHA512
  
  ff67f19d8d986917bbd4d6d00d0fae4b9907960108d4e00202d8e579d95e82b0c9386a07050c406157ba3f0a4d31d3f6aa89f09955ec5551607764679688fc32
- SSDEEP
  
  6144:+cVbL0hiIOM8+LDCvzCnQHw67feMv8KiPuTL94:+cVJIOd+vCvnJ8tPuF4
Score

10^/10

chaos evasion persistence ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaosevasionpersistenceransomwarespywarestealer

behavioral2

chaosevasionpersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy