General

  • Target

    902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5

  • Size

    55KB

  • Sample

    231011-p1a2tsad74

  • MD5

    04fe14d0256c71c7ef0173c1bac2d407

  • SHA1

    b4972cbff4112fa1623e1921bb85dec39f923d2b

  • SHA256

    902b16b11fc262b96d921f00f96bc83b0a302dc02829e14b17a8227e0e49d3c5

  • SHA512

    166ab82d5c16f100405730a212ef4b7ebd21d4e5ac753f205e67c53068a35f3f2a28475d1e805c02f42c32425b8c53910b8d5b585dc3efe2e4536a7603c03a84

  • SSDEEP

    1536:eo2mQ1r9WekrJqzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzs:eolQ1r9WF9hF

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Renames multiple (58) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Renames multiple (93) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Sets desktop wallpaper using registry
