Resubmissions

14-02-2024 17:05

240214-vl6g3sgc5t 10

14-02-2024 17:05

240214-vlyr8shb93 1

14-02-2024 17:00

240214-vh4jbagb5w 8

14-02-2024 16:55

240214-vfga1aga7x 10

14-02-2024 16:52

240214-vdlgyagh93 1

General

  • Target

    https://malc0de.com/database/

  • Sample

    240214-vfga1aga7x

Malware Config

Targets

    • Target

      https://malc0de.com/database/

    • Chimera

      Ransomware which infects local and network files, often distributed via Dropbox links.

    • Chimera Ransomware Loader DLL

      Drops/unpacks executable file which resembles Chimera's Loader.dll.

    • Renames multiple (353) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks