General

  • Target

    d.7z

  • Size

    6.2MB

  • MD5

    341fa4ba528fb7ab6661d22359c3a8e1

  • SHA1

    f03e8b3ec10ee6640ed0a81f5e91cac46c8597d7

  • SHA256

    e86c580d284ea3dec532dd5c2b93f3b9a6e8fe49b833e6a1a4ca083d2b2b9add

  • SHA512

    647c420e40d3d16c2d1b699ee23153377776a5662e896bc80d0ac21526fb16e53c6f950c0f2c2c9cd36acfd3f447c4abd319d84806769e783a7ab6b4133f341c

  • SSDEEP

    196608:8zrXWT5cljpYOvrBVK4rjBBFUtQWJ0FIz:8PGTi9pf1V/LR4z

Score
10/10

Malware Config

Extracted

Ransom Note
!WARNING! YOU ARE INFECTED WITH A RANSOMWARE VIRUS WITH MILITARY GRADE ENCRYPTION email [email protected] if you need customer support All your data of all your users, all your databases and all your Websites are encrypted You have three days to transfer 0.1484 bitcoins to the folowing bitcoin wallet address bc1qejgt23y3vqdv0q90mpvw4kmancsq86a7sh3wc8 After payment has been confirmed you will receive decryption program and private keys and all files will be returned to normal If you are unfamilar with bitcoin, email the address above or do a google search on how to purchase and send bitcoin.

Signatures

  • Chaos Ransomware (2 IoCs)
  • Chaos family
  • Requests dangerous framework permissions (14 IoCs)

Files

Each entry gives the path inside the archive, the sandbox's type tags (detected format, platform, architecture, loader), and the MD5 where the report lists one. The empty Headers/Imports/Exports/Sections panels of the original listing carried no extracted data and are omitted.

  • d.7z
    .7z (the archive itself; hashes in General above)
  • 8082-process-x64.bin
  • 8082-process-x86.bin
  • 8082-svc-x64.exe
    .exe windows x64
    MD5 bed5688a4a2b5ea6984115b458755e90
  • 8082-svc-x86.exe
    .exe windows x86
    MD5 de77f3139eaf74f1b255ab7be0b6605f
  • 8082-thread-x64.bin
  • 8082-thread-x86.bin
  • 8082-x64.dll
    .dll regsvr32 windows x64
    MD5 f73cb1b8999c7e79c50459b8e1f144f0
  • 8082-x64.exe
    .exe windows x64
    MD5 17b461a082950fc6332228572138b80c
  • 8082-x64.ps1
    .ps1
  • 8082-x64.py
  • 8082-x86.dll
    .dll regsvr32 windows x86
    MD5 e1dcffde169ed8b947dc63acdb78aeca
  • 8082-x86.exe
    .exe windows x86
    MD5 dc25ee78e2ef4d36faa0badf1e7461c9
  • 8082-x86.ps1
    .ps1
  • 8082-x86.py
  • ConfirmEmail.exe
    .exe windows x86
    MD5 41fb8cb2943df6de998b35a9d28668e8
  • LB3.exe
    .exe windows x86
    MD5 41fb8cb2943df6de998b35a9d28668e8
  • LB3_Rundll32.dll
    .dll windows x86
    MD5 b750c147c0bcc8b349e4f1143ac1432e
  • PlayServicesUpdate.apk
    .apk android
    package com.metasploit.stage, main activity .MainActivity
  • PowerPoint3to4.exe
    .exe windows x86, code signature present
    MD5 41fb8cb2943df6de998b35a9d28668e8
  • RDP_MSP_INSTALL_SCRIPTS-AWESOME.txt
  • READ_THIS.txt
  • VerifyIdentity.exe
    .exe windows x64
    MD5 557851f516941d1f8c24a919bde970cc
  • VerifyIdentity.zip
    .zip
  • WoundedGryphon.sh
    .sh linux
  • anubis.sh
    .sh linux
  • googleDriveDesktopAlbum14.exe
    .exe windows x64
    MD5 557851f516941d1f8c24a919bde970cc
  • hoax.txt
  • output.html
    .html
  • output.pdf
    .pdf
  • passwordstorageFix.exe
    .exe windows x64
    MD5 557851f516941d1f8c24a919bde970cc
  • svchost.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • svchosts.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • upgrade/LICENSE-WhiteBox.html
  • upgrade/LICENSE.html
  • upgrade/README.md
  • upgrade/bg.jpg
    .jpg
  • upgrade/cipher.sh
    .sh linux
  • upgrade/decipher.sh
    .sh linux
  • upgrade/list.html
  • upgrade/ransom.html
    .html
  • upgrade/whiteCipher.html
    .elf linux x64 (an ELF binary carrying an .html extension)
  • upgrade/whiteDecipher.sh
    .sh linux
  • upgrade/whiteKey.html
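The listing above is easier to triage programmatically than by eye. The following is an added example, not part of the sandbox report: it transcribes the Files entries that carry a type tag or hash into a manifest, then answers three questions an analyst asks before opening anything: which entries are the same binary under different names (identical MD5), which entries' detected format disagrees with the extension the file name advertises, and whether a local copy of d.7z matches the hashes in the General section. The MANIFEST and ARCHIVE_DIGESTS values are copied from this page; the function names are the example's own.

```python
import hashlib
import os
from collections import defaultdict

# Transcribed from the report's Files section: (path, sandbox type tags, MD5).
# Entries the report lists with neither a type tag nor a hash are omitted.
MANIFEST = [
    ("8082-svc-x64.exe", ".exe windows x64", "bed5688a4a2b5ea6984115b458755e90"),
    ("8082-svc-x86.exe", ".exe windows x86", "de77f3139eaf74f1b255ab7be0b6605f"),
    ("8082-x64.dll", ".dll regsvr32 windows x64", "f73cb1b8999c7e79c50459b8e1f144f0"),
    ("8082-x64.exe", ".exe windows x64", "17b461a082950fc6332228572138b80c"),
    ("8082-x64.ps1", ".ps1", None),
    ("8082-x86.dll", ".dll regsvr32 windows x86", "e1dcffde169ed8b947dc63acdb78aeca"),
    ("8082-x86.exe", ".exe windows x86", "dc25ee78e2ef4d36faa0badf1e7461c9"),
    ("8082-x86.ps1", ".ps1", None),
    ("ConfirmEmail.exe", ".exe windows x86", "41fb8cb2943df6de998b35a9d28668e8"),
    ("LB3.exe", ".exe windows x86", "41fb8cb2943df6de998b35a9d28668e8"),
    ("LB3_Rundll32.dll", ".dll windows x86", "b750c147c0bcc8b349e4f1143ac1432e"),
    ("PlayServicesUpdate.apk", ".apk android", None),
    ("PowerPoint3to4.exe", ".exe windows x86", "41fb8cb2943df6de998b35a9d28668e8"),
    ("VerifyIdentity.exe", ".exe windows x64", "557851f516941d1f8c24a919bde970cc"),
    ("VerifyIdentity.zip", ".zip", None),
    ("WoundedGryphon.sh", ".sh linux", None),
    ("anubis.sh", ".sh linux", None),
    ("googleDriveDesktopAlbum14.exe", ".exe windows x64", "557851f516941d1f8c24a919bde970cc"),
    ("output.html", ".html", None),
    ("output.pdf", ".pdf", None),
    ("passwordstorageFix.exe", ".exe windows x64", "557851f516941d1f8c24a919bde970cc"),
    ("svchost.exe", ".exe windows x86", "f34d5f2d4577ed6d9ceec516c1f5a744"),
    ("svchosts.exe", ".exe windows x86", "f34d5f2d4577ed6d9ceec516c1f5a744"),
    ("upgrade/bg.jpg", ".jpg", None),
    ("upgrade/cipher.sh", ".sh linux", None),
    ("upgrade/decipher.sh", ".sh linux", None),
    ("upgrade/ransom.html", ".html", None),
    ("upgrade/whiteCipher.html", ".elf linux x64", None),
    ("upgrade/whiteDecipher.sh", ".sh linux", None),
]

# Hashes the report's General section lists for the archive itself.
ARCHIVE_DIGESTS = {
    "md5": "341fa4ba528fb7ab6661d22359c3a8e1",
    "sha1": "f03e8b3ec10ee6640ed0a81f5e91cac46c8597d7",
    "sha256": "e86c580d284ea3dec532dd5c2b93f3b9a6e8fe49b833e6a1a4ca083d2b2b9add",
    "sha512": "647c420e40d3d16c2d1b699ee23153377776a5662e896bc80d0ac21526fb16e53c6f950c0f2c2c9cd36acfd3f447c4abd319d84806769e783a7ab6b4133f341c",
}


def duplicate_clusters(manifest):
    """Map each MD5 shared by two or more paths to the sorted list of those paths:
    the same payload dropped under several lure names."""
    by_hash = defaultdict(list)
    for path, _tags, md5 in manifest:
        if md5:
            by_hash[md5].append(path)
    return {h: sorted(paths) for h, paths in by_hash.items() if len(paths) > 1}


def type_mismatches(manifest):
    """Return (path, extension, detected format) for entries whose first sandbox
    tag (the detected container format, e.g. '.elf') is not the extension the
    file name advertises."""
    out = []
    for path, tags, _md5 in manifest:
        detected = tags.split()[0]
        ext = os.path.splitext(path)[1].lower()
        if detected != ext:
            out.append((path, ext, detected))
    return out


def digests_of_bytes(data):
    """Hex digests of an in-memory blob for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ARCHIVE_DIGESTS}


def verify_archive(path, expected=ARCHIVE_DIGESTS, chunk=1 << 20):
    """Stream a local file through all four digests and report, per algorithm,
    whether it matches the listed value. Any False means the local file is not
    the sample this report describes."""
    hashers = {alg: hashlib.new(alg) for alg in expected}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: hashers[alg].hexdigest() == expected[alg] for alg in expected}


if __name__ == "__main__":
    for md5, paths in duplicate_clusters(MANIFEST).items():
        print(md5, "->", ", ".join(paths))
    for path, ext, detected in type_mismatches(MANIFEST):
        print(f"{path}: named {ext} but detected as {detected}")
    if os.path.exists("d.7z"):
        print(verify_archive("d.7z"))
```

Run from the directory holding d.7z. The duplicate clusters show that the sixteen hashed PE files reduce to ten distinct binaries, and the mismatch check surfaces upgrade/whiteCipher.html as a Linux ELF hiding behind an .html name, which is the kind of entry worth handling first in an isolated VM.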