chaos | 2a05ac3c433bcf896be4cf984b0ea5ea41006f2421cb4a4926d5eaaed6cf37e4 | Triage

Submit
Reports

Overview

overview

Static

static

variante_9lk5.bin.exe

windows7-x64

variante_9lk5.bin.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

variante_9lk5.bin.exe
Size

205KB
Sample

230311-t9ehtscd2v
MD5

5e9e6b90b530260d1f6dd462a9a2fa16
SHA1

3caa6e6d2aed85b9ea046a077a972c2a1718ee7b
SHA256

2a05ac3c433bcf896be4cf984b0ea5ea41006f2421cb4a4926d5eaaed6cf37e4
SHA512

2a0e6f2687e3bbb4158ce7bfc46b1c86794cb23fdbb041d0e5735b0e2674a9b27259edee3044e58202528e72e6c1b2ab6c4f7aeabb193f9d7f48b5bb60211f62
SSDEEP

6144:+B4Fr9NzqHW7V5V9w/UIRZizI1aqebq/lsyp:+B45qHW7nU/pZmiXqy

Score

10^/10

chaos evasion ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

variante_9lk5.bin.exe

Resource

win7-20230220-en

chaos evasion ransomware spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

variante_9lk5.bin.exe

Resource

win10v2004-20230220-en

chaos evasion ransomware spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  variante_9lk5.bin.exe
- Size
  
  205KB
- MD5
  
  5e9e6b90b530260d1f6dd462a9a2fa16
- SHA1
  
  3caa6e6d2aed85b9ea046a077a972c2a1718ee7b
- SHA256
  
  2a05ac3c433bcf896be4cf984b0ea5ea41006f2421cb4a4926d5eaaed6cf37e4
- SHA512
  
  2a0e6f2687e3bbb4158ce7bfc46b1c86794cb23fdbb041d0e5735b0e2674a9b27259edee3044e58202528e72e6c1b2ab6c4f7aeabb193f9d7f48b5bb60211f62
- SSDEEP
  
  6144:+B4Fr9NzqHW7V5V9w/UIRZizI1aqebq/lsyp:+B45qHW7nU/pZmiXqy
Score

10^/10

chaos evasion ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaosevasionransomwarespywarestealer

behavioral2

chaosevasionransomwarespywarestealer

© 2018-2025

Terms | Privacy