General

  • Target

    04b106b179c202c67361aa4debad5d82f79a1927ab0ab8abc2ef350d18894b08.exe

  • Size

    39KB

  • Sample

    231012-t14rcsbd9w

  • MD5

    b1228ba24ca5f75f8df9d5d177e5bb2b

  • SHA1

    1895758de51ccfefa40239aa11055540c8c5deb7

  • SHA256

    04b106b179c202c67361aa4debad5d82f79a1927ab0ab8abc2ef350d18894b08

  • SHA512

    7abc1df0089a1a00aadc11c33eecffb5d85258acc4eac0b261ceaea77e814eaf671506383fe0074fd5779b8bc58e0f48f0d15309aa81aecf27ecc6633da4c5a4

  • SSDEEP

    768:hqo2khp1DlNjwQr9KWO4TOpkx7u/LraCvpbMC2mkek:ko2kFpNjwQr9KWODkx74L2CNf5k

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Modifies boot configuration data using bcdedit

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
