General
Target: c85e2c51d367e1035407c74d5701c33f
Size: 18KB
Sample: 240314-ma1tfsbg29
MD5: c85e2c51d367e1035407c74d5701c33f
SHA1: 8f866a991dbd63ff68027a7454df08c2f0d82c61
SHA256: 4d5c36ae16fb89f682ac9e5b9a3c4120a240a120a0bbc9e44dd39624e417eb3a
SHA512: 043189d7b576277b36d467dffd06fa867dfc4201e4d82e837ea3a7321f6a6c7647c8cf47fa21f9de1b9ab6aeb05d4ce3dad16cde05b333c37c7436af8ff15e98
SSDEEP: 192:ca1c5EFHg5rfWCW+5OTChvfjVOhw1qnG8V/Y1P0abAK0xNvncPKHgBD91CfmY32z:0Yksqqn7w1P0OSvD2D91C9M1FqAP
Behavioral task: behavioral1
Sample: c85e2c51d367e1035407c74d5701c33f.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: c85e2c51d367e1035407c74d5701c33f.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Documents\read_it.txt
173y1DPs8yPFQTVqcjdBaZSPXqfKDnzEyS
Targets
Target
c85e2c51d367e1035407c74d5701c33f
Score: 10/10
- Chaos Ransomware
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)