General

  • Target

    3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac.zip

  • Size

    102KB

  • Sample

    230816-dc9dyage8y

  • MD5

    7da11b51e09501592212f269c98be376

  • SHA1

    06cbb010769d62b398593b9ad394116ca9eec386

  • SHA256

    609dccda39caf3155e50be35947da1e7101405e6a233ed9e35ad87761174f875

  • SHA512

    466acebc22bdb01774611623a15e490329742cb41241423114ef1442f507634213a29c240742784f8beee7191a89f179d0919804653c46e472f661c64da586ba

  • SSDEEP

    3072:PG0/C+Bg04WtBjrw9LFqUb6xxVYKgJ8DFnPa4FBH0akwEZ3DS:Tg05tBfwdFqk6+K1DFPlFBH3JOG

Targets

    • Target

      3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac.exe

    • Size

      282KB

    • MD5

      08c7ff3a65f703d12fc644b63dff19d5

    • SHA1

      f38e8932f4c88c1fd801696267924c6767155028

    • SHA256

      3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac

    • SHA512

      367761edc864129ae074b503a12dc339255ae8cebeb21eb45c1e5083351cacfcb0cd0589e66f18c9b2769c73169305871c5dfe012d45aedb18fa1a866369b4bb

    • SSDEEP

      3072:16biq9hBxqDhNiMLbfyU9+SHfZLoL9oic6VlQbuKGOQzEjQVnDnRM4n9gQ:1kiq9H8DLVLbf9r/ZLr6YbuC0hRZ9g

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
