General
-
Target
fc68c5aab307cd0da6476a150562f9fdfbbd768b2b5fa3bf4b912219209c8cf9
-
Size
22KB
-
Sample
221028-sqr45sgdem
-
MD5
f38910f1c71e210f710b0d2aed182f55
-
SHA1
b1ec33aafba903812914d2b8d90c5ee0c6055107
-
SHA256
fc68c5aab307cd0da6476a150562f9fdfbbd768b2b5fa3bf4b912219209c8cf9
-
SHA512
0c8e3315c062f41134df5ef534923b1ade7d7eaf804f789ced322638113c1e9e4228131cbd43fc2713d419e3ba12c5d43e43fdad1e04684998282e1f58b3391b
-
SSDEEP
384:63Mg/bqo2etUq4/fHapyj8ZOjPJNr91CaTb5geM:Aqo2jNSpjZOjhNr9ZTbeeM
Malware Config
Targets
-
-
Target
fc68c5aab307cd0da6476a150562f9fdfbbd768b2b5fa3bf4b912219209c8cf9
-
Size
22KB
-
MD5
f38910f1c71e210f710b0d2aed182f55
-
SHA1
b1ec33aafba903812914d2b8d90c5ee0c6055107
-
SHA256
fc68c5aab307cd0da6476a150562f9fdfbbd768b2b5fa3bf4b912219209c8cf9
-
SHA512
0c8e3315c062f41134df5ef534923b1ade7d7eaf804f789ced322638113c1e9e4228131cbd43fc2713d419e3ba12c5d43e43fdad1e04684998282e1f58b3391b
-
SSDEEP
384:63Mg/bqo2etUq4/fHapyj8ZOjPJNr91CaTb5geM:Aqo2jNSpjZOjhNr9ZTbeeM
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-