General

Target: 5179d5f35a03efc46f303471452d7b0fe7798b412870f00a9cbcbc8873306604.exe
Size: 26KB
Sample: 240128-26t34scdg6
MD5: 9ec43f31883d7d6a056c5a961256622d
SHA1: c0e59336a202b3235c20c562f94809e135da8672
SHA256: 78a81507fb6818fed244bc5a4029428433f4db4c8c6582f11990c8514408e22c
SHA512: 31dc4a5d800746888bd064f4daf3fcb43e43092193d8d5893e5d66b4ab3d0016c4c1305355e6b168c95a7d19e022c98e649395a5970426ff362a5be4cc9ad4a1
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QNb5hxDGba:5OElB6sc9GNbXxDga
Behavioral task: behavioral1
Sample: 5179d5f35a03efc46f303471452d7b0fe7798b412870f00a9cbcbc8873306604.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 5179d5f35a03efc46f303471452d7b0fe7798b412870f00a9cbcbc8873306604.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted from: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
Family: chaos
Targets

Target: 5179d5f35a03efc46f303471452d7b0fe7798b412870f00a9cbcbc8873306604.exe
Score: 10/10

- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (193) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)