General
Target: 902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5
Size: 55KB
Sample: 231011-p1a2tsad74
MD5: 04fe14d0256c71c7ef0173c1bac2d407
SHA1: b4972cbff4112fa1623e1921bb85dec39f923d2b
SHA256: 902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5
SHA512: 166ab82d5c16f100405730a212ef4b7ebd21d4e5ac753f205e67c53068a35f3f2a28475d1e805c02f42c32425b8c53910b8d5b585dc3efe2e4536a7603c03a84
SSDEEP: 1536:eo2mQ1r9WekrJqzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzs:eolQ1r9WF9hF
Behavioral task: behavioral1
Sample: 902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
Target: 902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5
Score: 10/10
Chaos Ransomware
Modifies boot configuration data using bcdedit
Renames multiple (58) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
Renames multiple (93) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Sets desktop wallpaper using registry