General
-
Target
9655de02d2274819418054aa58e22e88b2b649a5d2da076e9e53ce425048ea45
-
Size
26KB
-
Sample
240306-f3c5jadb39
-
MD5
ad78e9e6e100891aa25b07097029842a
-
SHA1
d979d4fc1bfb8b54699423a5a35d1064426b4f1c
-
SHA256
9655de02d2274819418054aa58e22e88b2b649a5d2da076e9e53ce425048ea45
-
SHA512
3796a39cee380b76c9e034237bd929232df26bc77154aff7d7049301fb452c991bab555362af4c67540bc6d5b0bbf6e96eea2bb4c9d3b285791ae795ef6059c6
-
SSDEEP
384:r3Mg/bqo2jiDpMkms1mIJDr91CrLGezan:Nqo2eDpMkms1mADr9UiezU
Malware Config
Targets
-
-
Target
9655de02d2274819418054aa58e22e88b2b649a5d2da076e9e53ce425048ea45
-
Size
26KB
-
MD5
ad78e9e6e100891aa25b07097029842a
-
SHA1
d979d4fc1bfb8b54699423a5a35d1064426b4f1c
-
SHA256
9655de02d2274819418054aa58e22e88b2b649a5d2da076e9e53ce425048ea45
-
SHA512
3796a39cee380b76c9e034237bd929232df26bc77154aff7d7049301fb452c991bab555362af4c67540bc6d5b0bbf6e96eea2bb4c9d3b285791ae795ef6059c6
-
SSDEEP
384:r3Mg/bqo2jiDpMkms1mIJDr91CrLGezan:Nqo2eDpMkms1mADr9UiezU
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-