chaos | 976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6 | Triage

Submit
Reports

Overview

overview

Static

static

976cfac92a...e6.exe

windows7-x64

976cfac92a...e6.exe

windows10-2004-x64

Sharing

General

Target

976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6
Size

181KB
Sample

240229-kpsehsca85
MD5

a321ec0a5cb29407a0fa4d8e39586dee
SHA1

5a7fb5ee8a0cc0482fe6dce7a80696bd92ef0ca9
SHA256

976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6
SHA512

21e0f35818d7015a9b639929064fa89d83f712c472f23dcf0863742e9daf24120812c3adca4d8c46fc9d1201b20c80a9810e847b92722da8665ba33a4247517e
SSDEEP

3072:3NSvwL1IDAdAN+Uj7xRQIb+GinxNNB/hwlPaMhg/pxeJjYekLfncU1AlLncSRq5W:dSvwL6DAdAN+Uj7xRQIb2xY3hgxxedbF

Score

10^/10

chaos ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6.exe

Resource

win7-20240221-en

chaos ransomware spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6.exe

Resource

win10v2004-20240226-en

chaos ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6
- Size
  
  181KB
- MD5
  
  a321ec0a5cb29407a0fa4d8e39586dee
- SHA1
  
  5a7fb5ee8a0cc0482fe6dce7a80696bd92ef0ca9
- SHA256
  
  976cfac92a033f26ebde6eac45416c3db0fb88a963e9026fc67d115e9ba3b9e6
- SHA512
  
  21e0f35818d7015a9b639929064fa89d83f712c472f23dcf0863742e9daf24120812c3adca4d8c46fc9d1201b20c80a9810e847b92722da8665ba33a4247517e
- SSDEEP
  
  3072:3NSvwL1IDAdAN+Uj7xRQIb+GinxNNB/hwlPaMhg/pxeJjYekLfncU1AlLncSRq5W:dSvwL6DAdAN+Uj7xRQIb2xY3hgxxedbF
Score

10^/10

chaos ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Renames multiple (240) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

chaosransomwarespywarestealer

behavioral2

chaosransomwarespywarestealer

© 2018-2025

Terms | Privacy