General

  • Target

    bcf73d0b807d66634d7d25f399fa8ffe.bin.zip

  • Size

    20KB

  • Sample

    230328-f6kc1shb33

  • MD5

    d2adba50a4cadb8f8d04f94a00e809e5

  • SHA1

    d3ebbadbb3ccb40362887045f5c53389dc20ade7

  • SHA256

    d77a53638e0cd4c51d9f7c7b971926759aaacfd7b3f041550abaaa1174f72a97

  • SHA512

    e1956df4e1dabe8cbf8842af4d6c76c6ef7a72a447e461cfdd03e67e7293b0b8262ccf5deb5f2433d00d1658e97edca7521c3b6650e93bd953d5c37a5dd1ec79

  • SSDEEP

    384:JnHy9SF1NfSO49uL2Fc56i8L3DpyoWf6JA3GjCkZsVxfMIqz2:J4SFDJ2Fpn3dlM3Gj7sVxfMI22

Malware Config

Targets

    • Target

      0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e.exe

    • Size

      88KB

    • MD5

      bcf73d0b807d66634d7d25f399fa8ffe

    • SHA1

      3db3790b46e2d430374f6c40e7ce25e633696b75

    • SHA256

      0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e

    • SHA512

      0750fe4212f1bc7a16a426f6c363797e926656f7f27cc2bc5d5f624a436b3a075263ca29fa609696d7ef2d18b79ef7da4998c75a36c9bda2bd2beb456ae08f31

    • SSDEEP

      768:Hqo2MgNp4wBAQr9uNev2SU2Ip4jBqltCF0AxEjenoB69+Fx:Ko2g0AQr9usv2SFHBWAxEjc+

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v6

  Tactic              Technique                      ID       Count
  ------------------  -----------------------------  -------  -----
  Execution           Command-Line Interface         T1059    1
  Defense Evasion     File Deletion                  T1107    3
  Credential Access   Credentials in Files           T1081    1
  Discovery           Query Registry                 T1012    3
  Discovery           System Information Discovery   T1082    3
  Discovery           Peripheral Device Discovery    T1120    1
  Collection          Data from Local System         T1005    1
  Impact              Inhibit System Recovery        T1490    4

Tasks