General
-
Target
bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b.zip
-
Size
12KB
-
Sample
231004-b182zaac72
-
MD5
eae4f9f398fb9d4c763b27af187436e1
-
SHA1
9a30ccf5b8422797089729a4502665fd640695bf
-
SHA256
d5ff85e135e0f977b0fd7049f2ebbd4709c05574bc22441230043ceeb52728fb
-
SHA512
aab364d596cf2fde2cc5a388da4800c724953a2777fa08416d7fc836cb09aa139658c3213f3095eafdf1017c55e04de4bc0a4a95d839fcf4af48bcdead6a5b7f
-
SSDEEP
192:W6hP8mUHCOn5/ufNJyzHgjzdyluctMIYP+W2Ai342ZdtsNnyDfwjXw2Q9cy:bNhmlRufNJXzkXMIj4io265gSy
Behavioral task
behavioral1
Sample
bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b.exe
Resource
win10v2004-20230915-en
Malware Config
Targets
-
-
Target
bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b
-
Size
26KB
-
MD5
77621bd052797e738ed47a9a4db1beea
-
SHA1
4417200e540a377b298613edfbc56cd8c09d38f2
-
SHA256
bff457cb492f8286fcb5904231f033529b0dade3a3bf615a1674ffe5e6ca303b
-
SHA512
179c674fee62444a233f655d64dc841b50e9c3585f7464d3d5c9b058860028fe5405cb71f3f77a136adb52e087dcfbc2fc09e0a6a0e334a2f68cc93053336878
-
SSDEEP
384:etWZPzzxAm1vGdUOGKFKAUa5FKW6pVnAQ5NYlFOy5o91A/ba82vz:D7zxAmGGdu5z6pGQ5Oho9CG827
Score
10/10
-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-