General
Target: 58d0391429ea558f92c63e05a4dcdb35fc4b552691a7583ea784a6d78be47032.exe
Size: 26KB
Sample: 240128-3bgd7sceh4
MD5: 82565f291499d7e7be3756a3f9718085
SHA1: da29dd76cb6ddc8aba66750e60d58ac16fe43fb7
SHA256: 0dffc820e768d62b9852e14025fea61077de1952e8f60f476205f2679942597d
SHA512: 4d2859d6fd72a07b701c57e95d6e9a78ea3591b7f36dcb12325d234d86a1f5c1ea9cf2eefe8799f57069abe9a6a6664d8fe0af904f07646b6f21e859fa9069fe
SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91Q1b5hxDGw:5OElB6sc9G1bXxDr
Behavioral task: behavioral1
Sample: 58d0391429ea558f92c63e05a4dcdb35fc4b552691a7583ea784a6d78be47032.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 58d0391429ea558f92c63e05a4dcdb35fc4b552691a7583ea784a6d78be47032.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
Family: chaos
Targets
Target: 58d0391429ea558f92c63e05a4dcdb35fc4b552691a7583ea784a6d78be47032.exe
Score: 10/10

Detections:
Chaos Ransomware
Detects command variations typically used by ransomware
Renames multiple (178) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Drops desktop.ini file(s)