General
- Target: 0e658e362985042aa9763cfcc6b42f14063a981368219f81299f62dbbe8713fe.exe
- Size: 26KB
- Sample: 240128-x6mxksaahr
- MD5: 8f6332bfcbb34664b8042df88c62f432
- SHA1: 9d06ef53ba55d5315a53da89b83b435d17c4f328
- SHA256: 717ad322a75adb3c95b8e52291c89b375c7dca03e8acf34384f54d61e0d35dda
- SHA512: 366b22b0b64b5e02def605c78022fb720678cabeecd5f5fa9ccbc469342ebb0b68648cddc6065e55cc4015e6797fcbc2806d5d4dcdd5923e7d04acb0439f313f
- SSDEEP: 384:qYenjLLAps4T5lBavzb/xlhKOVp91Qpb5hxDGN:5OElB6sc9GpbXxDy
Behavioral task: behavioral1
- Sample: 0e658e362985042aa9763cfcc6b42f14063a981368219f81299f62dbbe8713fe.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0e658e362985042aa9763cfcc6b42f14063a981368219f81299f62dbbe8713fe.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- Path: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
- Family: chaos
Targets
- Target: 0e658e362985042aa9763cfcc6b42f14063a981368219f81299f62dbbe8713fe.exe
- Score: 10/10
- Chaos Ransomware
- Detects command variations typically used by ransomware
- Renames multiple (181) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)