Overview

overview

10

Static

static

10

6caaa5d65e...2f.exe

windows7-x64

10

6caaa5d65e...2f.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6caaa5d65e3143c125dfaded69bd9c4ba7b6e0594c2328ed3de0c7bcabe0ed2f

  • Size

    199KB

  • Sample

    221218-smb9hsfd5w

  • MD5

    b89623caba31b7994735f4f5bf437fcd

  • SHA1

    12687458b19ec21ba567ac2bc974434a55855b64

  • SHA256

    6caaa5d65e3143c125dfaded69bd9c4ba7b6e0594c2328ed3de0c7bcabe0ed2f

  • SHA512

    dc251cdaca963fb215ffae43a4fc88fca84035c698f0678ff04e1fb19114937cf052c209652548a1f97da3ee9e0e7ecd7f18aa2c8d0b038086bea854c12ab2e5

  • SSDEEP

    3072:fBZmq9ePWNIG+9tv+9q9tBFKfpYnmig3/Vl0hpVervREDLUYwExij:fBZmq9ju3HFKDi3pOeLb

Score
10/10
chaosevasionpersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      6caaa5d65e3143c125dfaded69bd9c4ba7b6e0594c2328ed3de0c7bcabe0ed2f

    • Size

      199KB

    • MD5

      b89623caba31b7994735f4f5bf437fcd

    • SHA1

      12687458b19ec21ba567ac2bc974434a55855b64

    • SHA256

      6caaa5d65e3143c125dfaded69bd9c4ba7b6e0594c2328ed3de0c7bcabe0ed2f

    • SHA512

      dc251cdaca963fb215ffae43a4fc88fca84035c698f0678ff04e1fb19114937cf052c209652548a1f97da3ee9e0e7ecd7f18aa2c8d0b038086bea854c12ab2e5

    • SSDEEP

      3072:fBZmq9ePWNIG+9tv+9q9tBFKfpYnmig3/Vl0hpVervREDLUYwExij:fBZmq9ju3HFKDi3pOeLb

    Score
    10/10
    chaosevasionpersistenceransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks