General
Target: 202aa86c08d12293f3f812cbec655608df28f90dc653995ac93e6785f4e72f41.exe
Size: 26KB
Sample: 240128-183mlabch9
MD5: 4e0dd6da2b2a47596e951eecddc95db5
SHA1: 5e8c4f59df79aedcd1d77590d73aba5ddef190c8
SHA256: d9dec0580c3b624bd7ac370c8f5a7d59e7c6b7659da883e7deeb5d42f10b2d8e
SHA512: 6e505658ea3f4ee1ee20dfc4fe6940258897bdab709800642de49a3b23e901742ef1ca79df121a9906edfad595caf335d55f31a1103afddea16d42cd635a573e
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91Qeb5hxDG/:5OElB6sc9GebXxDE
Note: the submitted filename looks like a SHA256 digest but does not match the SHA256 computed for the file; use the hashes listed here, not the filename, when matching this sample.
Behavioral task: behavioral1
Sample: 202aa86c08d12293f3f812cbec655608df28f90dc653995ac93e6785f4e72f41.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 202aa86c08d12293f3f812cbec655608df28f90dc653995ac93e6785f4e72f41.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted from (ransom note): C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
Family: chaos
Targets
Target: 202aa86c08d12293f3f812cbec655608df28f90dc653995ac93e6785f4e72f41.exe (26KB; same file and hashes as listed under General)
Score: 10/10
Signatures:
- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (163) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)