General
-
Target
5b2e661eb997b4b902ad009697549ce322a1e6d78d273dcb232b1b48f656e2c0
-
Size
689KB
-
Sample
221020-d782nacfgk
-
MD5
9188ac80b6c87150a513431bb27567bc
-
SHA1
7abc0b85cefcec070ee47fb3a3c982df7b1c5e19
-
SHA256
5b2e661eb997b4b902ad009697549ce322a1e6d78d273dcb232b1b48f656e2c0
-
SHA512
bdf8f930f25220b89757025f680b0ed3aa6909202922bf6c6ca7bd836bd03cd996b129cd5622936e5783ac57a26cb74a9b236d86d2915651b876f75020cf7e62
-
SSDEEP
12288:56Z2+15Q3bpXI2grl9IU8dTYyrTnx0KJoxDxfJBEPdeu5IeYpj/e:5zgFsuSF5Ie
Malware Config
Targets
-
-
Target
5b2e661eb997b4b902ad009697549ce322a1e6d78d273dcb232b1b48f656e2c0
-
Size
689KB
-
MD5
9188ac80b6c87150a513431bb27567bc
-
SHA1
7abc0b85cefcec070ee47fb3a3c982df7b1c5e19
-
SHA256
5b2e661eb997b4b902ad009697549ce322a1e6d78d273dcb232b1b48f656e2c0
-
SHA512
bdf8f930f25220b89757025f680b0ed3aa6909202922bf6c6ca7bd836bd03cd996b129cd5622936e5783ac57a26cb74a9b236d86d2915651b876f75020cf7e62
-
SSDEEP
12288:56Z2+15Q3bpXI2grl9IU8dTYyrTnx0KJoxDxfJBEPdeu5IeYpj/e:5zgFsuSF5Ie
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-