General

  • Target

    e654d76dadfd3cefd9052a116afd0e00

  • Size

    1.1MB

  • Sample

    221128-3vf8jsgb5x

  • MD5

    e654d76dadfd3cefd9052a116afd0e00

  • SHA1

    0774c3f2cdf2ef9760d1cacaeb9464e6f59cf745

  • SHA256

    ca452d795d8a7055e429e57205ff2b3a2083d28fe97dbb1ba591a3178df3a1a4

  • SHA512

    5c85e2aea0db6a2fb9e1ad9960f5c42cb7db62d0089c635ae71e1d029dab83b96116770e054e8633ebeb1e0144120f937e4381b1fa1c04fe8a045aff38cfbf47

  • SSDEEP

    12288:+kN2/snXKG+LtGEUSVH+9drewoSVKxXtP2qdhGAqU1HkYXUHtv7E3vyepAyvuUY0:+kN2/sjDzAPvhuv4Tgqea0nRhO

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Satana

      Ransomware family which also encrypts the system's Master Boot Record (MBR).

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks