General

  • Target

    c85e2c51d367e1035407c74d5701c33f

  • Size

    18KB

  • Sample

    240314-ma1tfsbg29

  • MD5

    c85e2c51d367e1035407c74d5701c33f

  • SHA1

    8f866a991dbd63ff68027a7454df08c2f0d82c61

  • SHA256

    4d5c36ae16fb89f682ac9e5b9a3c4120a240a120a0bbc9e44dd39624e417eb3a

  • SHA512

    043189d7b576277b36d467dffd06fa867dfc4201e4d82e837ea3a7321f6a6c7647c8cf47fa21f9de1b9ab6aeb05d4ce3dad16cde05b333c37c7436af8ff15e98

  • SSDEEP

    192:ca1c5EFHg5rfWCW+5OTChvfjVOhw1qnG8V/Y1P0abAK0xNvncPKHgBD91CfmY32z:0Yksqqn7w1P0OSvD2D91C9M1FqAP

Malware Config

Extracted

Path

C:\Users\Admin\Documents\read_it.txt

Ransom Note
Oooooops ! All your files have been encrypted by a ransomware that use a military grade. Your files have been encrypted and you won't be able to decrypt them without our help 1. How Can recover my files ? To decrypt your files, you do buying a decryption logiciel that convert your crypted files into normal files. This software will allow you to recover all of your data and remove the ransomware from your computer. 2. How much cost the decryption software ? The price for the software is $150. Payment can be made in Bitcoin (BTC) only. 3. How Can I Buy BTC ? You can buy cryptocurrencies in a lot of market such Coinbase, CoinMarket, Coinama, etc. 4. How can i send my BTC ? Send $150 at this adress : BTC Adress : 173y1DPs8yPFQTVqcjdBaZSPXqfKDnzEyS 5. And After ? Contact us by mail at this adress : Mail Adress : [email protected] Join a picture of your transaction, and we will send you the decryption software. Without your money, we don't answer to your mail.
Wallets

173y1DPs8yPFQTVqcjdBaZSPXqfKDnzEyS

Targets

    • Target

      c85e2c51d367e1035407c74d5701c33f

    • Size

      18KB

    • MD5

      c85e2c51d367e1035407c74d5701c33f

    • SHA1

      8f866a991dbd63ff68027a7454df08c2f0d82c61

    • SHA256

      4d5c36ae16fb89f682ac9e5b9a3c4120a240a120a0bbc9e44dd39624e417eb3a

    • SHA512

      043189d7b576277b36d467dffd06fa867dfc4201e4d82e837ea3a7321f6a6c7647c8cf47fa21f9de1b9ab6aeb05d4ce3dad16cde05b333c37c7436af8ff15e98

    • SSDEEP

      192:ca1c5EFHg5rfWCW+5OTChvfjVOhw1qnG8V/Y1P0abAK0xNvncPKHgBD91CfmY32z:0Yksqqn7w1P0OSvD2D91C9M1FqAP

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks