General
Target: 4debc387966fb671fda6a3681133273a34ffa71215961cd18f73ac0575f859c8.exe
Size: 26KB
Sample: 240128-24qynsdhak
MD5: a398de6cd01f5b5f85725c48a74865b6
SHA1: 452ddf5cde6bbf4d17d302b7e3eb99c0f4cc79a3
SHA256: dd0c6271afc6a73acbbd7219c38242edf584b13c4c40904395e596575f859476
SHA512: d62f241084c5ab67931b544a61b9baa098a38442a94bcd79cff2de6c58f24cc48564530dea11d6b4da5f81abac8c240e5ea14ccbe4b02e0817aac3c6578f3702
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QMb5hxDGy:5OElB6sc9GMbXxDt
Behavioral task: behavioral1
Sample: 4debc387966fb671fda6a3681133273a34ffa71215961cd18f73ac0575f859c8.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 4debc387966fb671fda6a3681133273a34ffa71215961cd18f73ac0575f859c8.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
Family: chaos
Targets
Target: 4debc387966fb671fda6a3681133273a34ffa71215961cd18f73ac0575f859c8.exe
Score: 10/10
Signatures:
- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (179) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)