General
Target: 20d8c690748e4ba692d29735548977fc9f4804ff20a8d4115296f600cf27a567.exe
Size: 26KB
Sample: 240128-1892nschbq
MD5: febf38f77ac9a3818644c5c89d2101cd
SHA1: d1ce20f32de472d833e67a3ba635b24f2a703251
SHA256: 5fc0042052b21820fcbef8da616113a81e5b9a618ac71fe017a3d465ef2cd0bf
SHA512: d9ec5301286d6d5d535929fabf867df7d93698ff7a212afcd790dbb9bf143f5a519c5ba66fb4d3a0b7c8cf47542061372fcde5a8c68220c9697925d2e5a32f45
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QXMb5hxDGi:5OElB6sc9GXMbXxDd
Behavioral task: behavioral1
Sample: 20d8c690748e4ba692d29735548977fc9f4804ff20a8d4115296f600cf27a567.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 20d8c690748e4ba692d29735548977fc9f4804ff20a8d4115296f600cf27a567.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
Target: 20d8c690748e4ba692d29735548977fc9f4804ff20a8d4115296f600cf27a567.exe (26KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (181) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)