General

  • Target

    bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b.zip

  • Size

    12KB

  • Sample

    231004-b182zaac72

  • MD5

    eae4f9f398fb9d4c763b27af187436e1

  • SHA1

    9a30ccf5b8422797089729a4502665fd640695bf

  • SHA256

    d5ff85e135e0f977b0fd7049f2ebbd4709c05574bc22441230043ceeb52728fb

  • SHA512

    aab364d596cf2fde2cc5a388da4800c724953a2777fa08416d7fc836cb09aa139658c3213f3095eafdf1017c55e04de4bc0a4a95d839fcf4af48bcdead6a5b7f

  • SSDEEP

    192:W6hP8mUHCOn5/ufNJyzHgjzdyluctMIYP+W2Ai342ZdtsNnyDfwjXw2Q9cy:bNhmlRufNJXzkXMIj4io265gSy

Malware Config

Targets

    • Target

      bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b

    • Size

      26KB

    • MD5

      77621bd052797e738ed47a9a4db1beea

    • SHA1

      4417200e540a377b298613edfbc56cd8c09d38f2

    • SHA256

      bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b

    • SHA512

      179c674fee62444a233f655d64dc841b50e9c3585f7464d3d5c9b058860028fe5405cb71f3f77a136adb52e087dcfbc2fc09e0a6a0e334a2f68cc93053336878

    • SSDEEP

      384:etWZPzzxAm1vGdUOGKFKAUa5FKW6pVnAQ5NYlFOy5o91A/ba82vz:D7zxAmGGdu5z6pGQ5Oho9CG827

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks