General
-
Target
NEAS.0d7a640fb05d0ecb9411f6db89dcfefc4407c390aa616ea8b98ab2429f0ece0e_JC.exe
-
Size
27KB
-
Sample
231007-yr4r8afa5x
-
MD5
f924c242f4a8691531d4113eaf559c93
-
SHA1
4e6d64ecacfc679cf69391369ee42d4d03004429
-
SHA256
0d7a640fb05d0ecb9411f6db89dcfefc4407c390aa616ea8b98ab2429f0ece0e
-
SHA512
8d9ca8fd5e7444b1e9ec73afd738b26d792304d129f6a6a69312a9ae0744e4a882b04fe767dac2cd9b5ad67698658256bbd4f44dc8c0af2eda045fa2ae83ebb2
-
SSDEEP
384:ktWZPzzxAm1vp5ZRoDNhvLKeOS2NiNWlCOy5o91yXpD82vW:p7zxAmpfyzeeOSSiXho9mN82e
Behavioral task
behavioral1
Sample
NEAS.0d7a640fb05d0ecb9411f6db89dcfefc4407c390aa616ea8b98ab2429f0ece0e_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.0d7a640fb05d0ecb9411f6db89dcfefc4407c390aa616ea8b98ab2429f0ece0e_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\ProgramData\Adobe\Updater6\read_it.txt
Targets
Target
NEAS.0d7a640fb05d0ecb9411f6db89dcfefc4407c390aa616ea8b98ab2429f0ece0e_JC.exe
Score 10/10
Chaos Ransomware
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)