General
-
Target
adawarewebinstaller.bin.exe
-
Size
137KB
-
Sample
230206-yvzbxaah8x
-
MD5
9b02b542834573f9502ca83719a73a01
-
SHA1
f3bc7cf16eec977772455f3fce87fed505fb18e3
-
SHA256
e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14
-
SHA512
290c7a5bfc921817d1803ddbe8dd07210301082498945bcabdb597368f92c6fc1050cefec514e6d250571cb4afd6427d8e4ab7cd15d7a46a44cb088cd4d1b031
-
SSDEEP
3072:Eoy7AHYqr9ACDYVbu4sijUtSWnFA22WnVaxs2gzx+IjBz2:0mr9AHVycjUgWnFAGms2gzoch
Behavioral task
behavioral1
Sample
adawarewebinstaller.bin.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
adawarewebinstaller.bin.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
C:\Users\Admin\Desktop\andrianov.txt
leonid.andrianoviaa@mail.ru
3QpLGGaeFwxtV61p1bBUpTBzPcKdtPQpNA
Targets
-
-
Target
adawarewebinstaller.bin.exe
-
Size
137KB
-
MD5
9b02b542834573f9502ca83719a73a01
-
SHA1
f3bc7cf16eec977772455f3fce87fed505fb18e3
-
SHA256
e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14
-
SHA512
290c7a5bfc921817d1803ddbe8dd07210301082498945bcabdb597368f92c6fc1050cefec514e6d250571cb4afd6427d8e4ab7cd15d7a46a44cb088cd4d1b031
-
SSDEEP
3072:Eoy7AHYqr9ACDYVbu4sijUtSWnFA22WnVaxs2gzx+IjBz2:0mr9AHVycjUgWnFAGms2gzoch
Score10/10-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-