General
-
Target
PrivateChat.exe
-
Size
120KB
-
Sample
240322-z6x4naha63
-
MD5
5d4c5f3457c4487fe26df768ed8f3d2b
-
SHA1
f5f3df7d11e06dc158ac8183a8bde5895f8ea251
-
SHA256
19c393a4787d325984d850d8f02db1f302819b808952f72c332251d5d95f7c32
-
SHA512
793b8917ad068b77bcc7d771a28069ac432cfb441438e1a1f159fe94cbb2aa550fb2cc47d7354e30275ce2df402774902c987ad9b9be900f3748281f13a30e9a
-
SSDEEP
3072:QoIcFr9LvJxaJ3e6ua0g0qcB2f/u80kcmU/C7eJBz4Jtu:dr9LvkbOqguxU6f4
Malware Config
Targets
-
-
Target
PrivateChat.exe
-
Size
120KB
-
MD5
5d4c5f3457c4487fe26df768ed8f3d2b
-
SHA1
f5f3df7d11e06dc158ac8183a8bde5895f8ea251
-
SHA256
19c393a4787d325984d850d8f02db1f302819b808952f72c332251d5d95f7c32
-
SHA512
793b8917ad068b77bcc7d771a28069ac432cfb441438e1a1f159fe94cbb2aa550fb2cc47d7354e30275ce2df402774902c987ad9b9be900f3748281f13a30e9a
-
SSDEEP
3072:QoIcFr9LvJxaJ3e6ua0g0qcB2f/u80kcmU/C7eJBz4Jtu:dr9LvkbOqguxU6f4
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-