General
-
Target
f1167808.exe
-
Size
23KB
-
Sample
231015-pamypshc22
-
MD5
a88a0aa62a9e29cc30948b721e9e8b52
-
SHA1
45b71da84aca13b69dd9c8cb21b815260c23a215
-
SHA256
9d70b9e0df50aedb0a5864fc53b4c738b5725e4fec5286f723b52eef0c709211
-
SHA512
0a2f9dc57e81dd2d234e934562ad4951565c6f6b47b587e5cadc6b4041b1dbaff4e4c60b19b3156ceecf3ea8c7b3d9559a3fc1da219af00c47145a909ba7c18a
-
SSDEEP
384:X3Mg/bqo2klNxFd8wOpupHDKB+98cJ6r91CjEcfSeO:Bqo2ixFWwppHDuN06r9uEcKeO
Behavioral task
behavioral1
Sample
f1167808.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f1167808.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\Users\Admin\Documents\bitdecrypter.txt
3BrbefoFF6oFyYYhXPSBGVMLWNHDHSL3rK
Targets
-
-
Target
f1167808.exe
-
Size
23KB
-
MD5
a88a0aa62a9e29cc30948b721e9e8b52
-
SHA1
45b71da84aca13b69dd9c8cb21b815260c23a215
-
SHA256
9d70b9e0df50aedb0a5864fc53b4c738b5725e4fec5286f723b52eef0c709211
-
SHA512
0a2f9dc57e81dd2d234e934562ad4951565c6f6b47b587e5cadc6b4041b1dbaff4e4c60b19b3156ceecf3ea8c7b3d9559a3fc1da219af00c47145a909ba7c18a
-
SSDEEP
384:X3Mg/bqo2klNxFd8wOpupHDKB+98cJ6r91CjEcfSeO:Bqo2ixFWwppHDuN06r9uEcKeO
Score10/10-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-