General
- Target: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee
- Size: 519KB
- Sample: 231012-h8e77afh43
- MD5: 5526856582dad856c83aa26b7c060729
- SHA1: a067c86e442f7c5dddb1617b7999f416ee28346f
- SHA256: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee
- SHA512: 4fe75e50f5e9feb8070e5de83b20ab2355597ece4343f035fed600b6ca4fd7aadb8067c7e4d2683c5bf1610a7fd24ed8d21356171996e8c2003ec21fae0b21b4
- SSDEEP: 12288:+Ul9c/i/C01H3dfy9pxtNWtpjVf+JCZ7oaI+2tXEEEG:JCE6ZawvE
Behavioral task: behavioral1
- Sample: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee.exe
- Resource: win10v2004-20230915-en
Malware Config
- Extracted: C:\ProgramData\Adobe\Updater6\READ-THIS.txt
Targets
- Target: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee
- Size: 519KB
- MD5: 5526856582dad856c83aa26b7c060729
- SHA1: a067c86e442f7c5dddb1617b7999f416ee28346f
- SHA256: b4a6bb188816bca1edb65946c49c7439e53913165cb457ca0fafdcb91b7bf2ee
- SHA512: 4fe75e50f5e9feb8070e5de83b20ab2355597ece4343f035fed600b6ca4fd7aadb8067c7e4d2683c5bf1610a7fd24ed8d21356171996e8c2003ec21fae0b21b4
- SSDEEP: 12288:+Ul9c/i/C01H3dfy9pxtNWtpjVf+JCZ7oaI+2tXEEEG:JCE6ZawvE
Score: 10/10
- Chaos Ransomware
- Modifies boot configuration data using bcdedit
- Renames multiple (188) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Disables Task Manager via registry modification
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry