Extracted

• • Target

    dd52f625ebf11a32c79f2925bb2b6bd0

  • Size

    64KB

  • MD5

    dd52f625ebf11a32c79f2925bb2b6bd0

  • SHA1

    381c59f582f006702e1f797fb10cf0e412bb700a

  • SHA256

    41aec0ed3bc8bd1d989c22e50b447a88740505fed4113c0ebe4e1e1792fef3d5

  • SHA512

    49588a8bd9d59b1811332726207b8abc4c6f24918f0c8563e237467ad8450e8727a3f6f0677d8ec0917094df27acd46a59debcc40d8bea9d15956a9000a71254

  • SSDEEP

    1536:uOItYxqnAC6ph6ggxX4elW2GJYfGAQ61INw+:fI+xSL6CfxoZ2GJJAQw+

  Score

  10^/10

  chaosransomware

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2