General
-
Target
WinRAR.exe
-
Size
270KB
-
Sample
230906-qtraxaff94
-
MD5
14ea366be5cb691078be2c302590f435
-
SHA1
84e562bb99249a58849f6f82b29a7746dd144900
-
SHA256
82e6b71b99a6ec602cfbdc00e0bbaf34c719d7b6879b6e384004886d491ad45a
-
SHA512
9be5097295010fa04e04fcae578b19ab43935b09a70d8b31a038fd1ef7ed89dcd9143b82400e8d31913bf32a7a18628557dfaa1f4d37c1e7c8062d7a7368afb9
-
SSDEEP
6144:r02q9t3hysg2+00aHYHjdCoD5oa+S/dIm:Aj3hBg/00aHYDd3DCO/dI
Behavioral task
behavioral1
Sample
WinRAR.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
WinRAR.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
C:\ProgramData\Adobe\Updater6\NOTE!.txt
Targets
-
-
Target
WinRAR.exe
-
Size
270KB
-
MD5
14ea366be5cb691078be2c302590f435
-
SHA1
84e562bb99249a58849f6f82b29a7746dd144900
-
SHA256
82e6b71b99a6ec602cfbdc00e0bbaf34c719d7b6879b6e384004886d491ad45a
-
SHA512
9be5097295010fa04e04fcae578b19ab43935b09a70d8b31a038fd1ef7ed89dcd9143b82400e8d31913bf32a7a18628557dfaa1f4d37c1e7c8062d7a7368afb9
-
SSDEEP
6144:r02q9t3hysg2+00aHYHjdCoD5oa+S/dIm:Aj3hBg/00aHYDd3DCO/dI
Score10/10-
Chaos Ransomware
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-