chimera | hxxp://d | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

http://d

windows10-2004-x64

Sharing

General

Target

http://d
Sample

240227-saeh4scb9v

Score

10^/10

chimera discovery persistence ransomware

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

http://d

Resource

win10v2004-20240226-en

chimera discovery persistence ransomware

windows10-2004-x64

22 signatures

1800 seconds

Malware Config

Targets

- Target
  
  http://d
Score

10^/10

chimera discovery persistence ransomware
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Renames multiple (3285) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

chimeradiscoverypersistenceransomware

© 2018-2024

Terms | Privacy