chaos

General

Target

2024-02-03_dc9e50c14925c72ae3c5293bf45e7fc3_chaos_destroyer_wannacry
Size

24KB
Sample

240203-bxmpkadgg4
MD5

dc9e50c14925c72ae3c5293bf45e7fc3
SHA1

f05a6a8390a2f4c96cc5f1aa47ffc9e4dafce500
SHA256

aec0d451d6ca843979b2bbdfe0aec122e732e70f40ef590fb4563d8452ac82f5
SHA512

e0cd1f125b3307c0a3faa4d22547740126b99fc47650be0584b9f5cd24b53ad5b7c759f23e2450add23797b6653cc21fa3dbc70f552ff484ac7787acef24b8f5
SSDEEP

384:u3Mg/bqo2dbEyyEvbfEbMbp7DKB+98sJAr91CwDwbueP:Mqo2/jEOp7DWNkAr9nUaeP

Score

10^/10

Malware Config

Targets

- Target
  
  2024-02-03_dc9e50c14925c72ae3c5293bf45e7fc3_chaos_destroyer_wannacry
- Size
  
  24KB
- MD5
  
  dc9e50c14925c72ae3c5293bf45e7fc3
- SHA1
  
  f05a6a8390a2f4c96cc5f1aa47ffc9e4dafce500
- SHA256
  
  aec0d451d6ca843979b2bbdfe0aec122e732e70f40ef590fb4563d8452ac82f5
- SHA512
  
  e0cd1f125b3307c0a3faa4d22547740126b99fc47650be0584b9f5cd24b53ad5b7c759f23e2450add23797b6653cc21fa3dbc70f552ff484ac7787acef24b8f5
- SSDEEP
  
  384:u3Mg/bqo2dbEyyEvbfEbMbp7DKB+98sJAr91CwDwbueP:Mqo2/jEOp7DWNkAr9nUaeP
Score

10^/10

chaos evasion ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Detects command variations typically used by ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (192) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2