General
-
Target
bcf73d0b807d66634d7d25f399fa8ffe.bin.zip
-
Size
20KB
-
Sample
230328-f6kc1shb33
-
MD5
d2adba50a4cadb8f8d04f94a00e809e5
-
SHA1
d3ebbadbb3ccb40362887045f5c53389dc20ade7
-
SHA256
d77a53638e0cd4c51d9f7c7b971926759aaacfd7b3f041550abaaa1174f72a97
-
SHA512
e1956df4e1dabe8cbf8842af4d6c76c6ef7a72a447e461cfdd03e67e7293b0b8262ccf5deb5f2433d00d1658e97edca7521c3b6650e93bd953d5c37a5dd1ec79
-
SSDEEP
384:JnHy9SF1NfSO49uL2Fc56i8L3DpyoWf6JA3GjCkZsVxfMIqz2:J4SFDJ2Fpn3dlM3Gj7sVxfMI22
Behavioral task
behavioral1
Sample
0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e.exe
-
Size
88KB
-
MD5
bcf73d0b807d66634d7d25f399fa8ffe
-
SHA1
3db3790b46e2d430374f6c40e7ce25e633696b75
-
SHA256
0bb2957b2b8ed0a1c458da6edeaf5a48b2c1ecdd7d7ed33d00749ef1f5653b1e
-
SHA512
0750fe4212f1bc7a16a426f6c363797e926656f7f27cc2bc5d5f624a436b3a075263ca29fa609696d7ef2d18b79ef7da4998c75a36c9bda2bd2beb456ae08f31
-
SSDEEP
768:Hqo2MgNp4wBAQr9uNev2SU2Ip4jBqltCF0AxEjenoB69+Fx:Ko2g0AQr9usv2SFHBWAxEjc+
Score
10/10
-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-