General

  • Target

    6480fc12292296a76979f4340ec0432a69ff466792f8eb3281558617df45aa48.zip

  • Size

    259KB

  • Sample

    230819-3ytcaacf93

  • MD5

    c57b5631f3b63f574113a8b110a655a9

  • SHA1

    acf019969ce7c337870da8cfae63e18397bd2734

  • SHA256

    06e7cd4822358da3054d87e6abc6a7c5709afe75252bf74bfcd8899fb183a7b6

  • SHA512

    311dab97ad5b490a5735516ef975ffef53dd0ec4477d85324826e6c934f8d9cb3356791b44da8c4c0a636cfc15d7024a812b5e6d6b21ccd295444c2e10ded719

  • SSDEEP

    6144:3aWYzt5JwuwhNYKgT5d1fl515vawmz06FlkN32XIyLLle7nJHo:3aJ1ww/T5d1fv15iRFsynluJHo

Malware Config

Targets

    • Target

      6480fc12292296a76979f4340ec0432a69ff466792f8eb3281558617df45aa48.exe

    • Size

      552KB

    • MD5

      55732b58542d96fd54bafbdee4b63713

    • SHA1

      ddf634cde67534177cc503888cb6690130a00ce2

    • SHA256

      6480fc12292296a76979f4340ec0432a69ff466792f8eb3281558617df45aa48

    • SHA512

      6419022a662098052f3933b0897fba5780e73938a7377bd46fe47d0ac34e2e90a32c19a79a955e754bff230c62029dff0f4ec278438deebd7104ffb20d20287c

    • SSDEEP

      12288:IXdsgKhyeqS+8kFrQoYBQ+1d8jPm4+Pyd7iW7KsxKZLae+0YG1RJpdUjdV:IezaEHTjUP

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies, and autofill entries.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
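
    The signature names above describe runtime behaviour a sandbox observed. As an added example that is not part of this report or the sandbox's own rule set, the script below maps constructed sandbox-style events (file writes, file reads, registry sets, process creations) onto the same five behavioural signatures. The event format, the `Event` class and the path patterns (the per-user Startup folder, Chrome/Edge/Firefox profile directories, the `HKCU\Control Panel\Desktop\Wallpaper` value) are assumptions chosen for illustration; "Executes dropped EXE" fires only for an image path this process wrote earlier in the trace.

```python
"""Added example: classify constructed sandbox events into the behavioural
signatures listed in the report. Not the sandbox's own rule engine."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Event:
    kind: str    # "file_write", "file_read", "reg_set" or "process_create" (assumed schema)
    target: str  # file path, registry value path, or executable image path


# Assumed locations: the per-user Startup folder, common browser profile
# directories and the registry value that holds the desktop wallpaper.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\"
    r"|\\Mozilla\\Firefox\\Profiles\\", re.I)
WALLPAPER_VALUE = re.compile(r"^HKCU\\Control Panel\\Desktop\\Wallpaper$", re.I)


def match_signatures(events: Iterable[Event]) -> dict[str, list[str]]:
    """Return {signature name: [evidence targets]} for the events that fire one."""
    hits: dict[str, list[str]] = {}
    dropped: set[str] = set()  # lower-cased paths written earlier in the trace

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        if ev.kind == "file_write":
            dropped.add(ev.target.lower())
            if STARTUP_DIR.search(ev.target):
                hit("Drops startup file", ev.target)
            if ntpath.basename(ev.target).lower() == "desktop.ini":
                hit("Drops desktop.ini file(s)", ev.target)
        elif ev.kind == "file_read":
            if BROWSER_DATA.search(ev.target):
                hit("Reads user/profile data of web browsers", ev.target)
        elif ev.kind == "process_create":
            # Only an executable this trace already wrote counts as "dropped".
            image = ev.target.lower()
            if image.endswith(".exe") and image in dropped:
                hit("Executes dropped EXE", ev.target)
        elif ev.kind == "reg_set":
            if WALLPAPER_VALUE.search(ev.target):
                hit("Sets desktop wallpaper using registry", ev.target)
    return hits


# Constructed trace for illustration; not events from the sample above.
SAMPLE_EVENTS = [
    Event("file_write", r"C:\Users\victim\AppData\Roaming\dropped.exe"),
    Event("process_create", r"C:\Users\victim\AppData\Roaming\dropped.exe"),
    Event("file_write",
          r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropped.url"),
    Event("file_read",
          r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file_write", r"C:\Users\victim\Desktop\desktop.ini"),
    Event("reg_set", r"HKCU\Control Panel\Desktop\Wallpaper"),
    Event("process_create", r"C:\Windows\System32\notepad.exe"),  # never dropped: no hit
]


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

    Each signature records the concrete path or key that triggered it, so the output can be pasted straight into a triage note; the "Executes dropped EXE" rule deliberately ignores system binaries such as notepad.exe that the trace never wrote.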

MITRE ATT&CK Enterprise v15

Tasks