General
- Target: 64449de33a9d8857620e3cc53df20f4883b960562fc26ac32c33027f0651412f.exe
- Size: 26KB
- Sample: 240128-3gywfaecfq
- MD5: 2ad7f81cdf6fe5ea94e51ea5a0273543
- SHA1: 515faa38827b7272703c4e47d23fd1aa267383e2
- SHA256: bafdd8a8d7f8b66cd71e8a3cfce8c52c9ca0e323f6a2f1f92b2e716ebf9e6dc3
- SHA512: a52fa4d573ea4f24df0d77d94342b76688322a223bb4d76dc519fc202a1136a68e5877b778952b5d802a6ab4e311657b8ad512b05c98c84c09ca37e84d559be1
- SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QEZb5hxDGY:5OElB6sc9GEZbXxDz
Behavioral task: behavioral1
- Sample: 64449de33a9d8857620e3cc53df20f4883b960562fc26ac32c33027f0651412f.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 64449de33a9d8857620e3cc53df20f4883b960562fc26ac32c33027f0651412f.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted from: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
- Family: chaos
Targets
- Target: 64449de33a9d8857620e3cc53df20f4883b960562fc26ac32c33027f0651412f.exe
- Size: 26KB
- MD5: 2ad7f81cdf6fe5ea94e51ea5a0273543
- SHA1: 515faa38827b7272703c4e47d23fd1aa267383e2
- SHA256: bafdd8a8d7f8b66cd71e8a3cfce8c52c9ca0e323f6a2f1f92b2e716ebf9e6dc3
- SHA512: a52fa4d573ea4f24df0d77d94342b76688322a223bb4d76dc519fc202a1136a68e5877b778952b5d802a6ab4e311657b8ad512b05c98c84c09ca37e84d559be1
- SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91QEZb5hxDGY:5OElB6sc9GEZbXxDz
- Score: 10/10
Signatures
- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (157) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)