General
-
Target
d3dd6f0943aa13f6689f5dbc0b0bc7ae67ee0821edf22a0834296058f6b812a9.exe
-
Size
25KB
-
Sample
231012-t1x9ksbd7z
-
MD5
25d1b2a1165f06a99d6dc824310f959c
-
SHA1
fb01e16d8afd550aae25994f30342ce495069955
-
SHA256
d3dd6f0943aa13f6689f5dbc0b0bc7ae67ee0821edf22a0834296058f6b812a9
-
SHA512
69dd7ae6b3e5b41f17044c617bd65821f16e50f01ad12c163d6a948c81521dec61d79dfd55d0289eeaa5736344fa6193422ed47c1e1c506c2a67d84e22c725af
-
SSDEEP
384:u0JORJN7LK87gh71pYS2aNLQyOVs91wZzLH0b51W7:uJ88qD2it9aNLUbr6
Behavioral task
behavioral1
Sample
d3dd6f0943aa13f6689f5dbc0b0bc7ae67ee0821edf22a0834296058f6b812a9.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d3dd6f0943aa13f6689f5dbc0b0bc7ae67ee0821edf22a0834296058f6b812a9.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\read_it.txt
chaos
Targets
-
Target
d3dd6f0943aa13f6689f5dbc0b0bc7ae67ee0821edf22a0834296058f6b812a9.exe
-
Score
10/10
-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-