General
-
Target
230815-qwaqyaba29
-
Size
27KB
-
Sample
240402-d82zqsfe6x
-
MD5
f680f45e190c032931f189ab71caecbc
-
SHA1
02b52470aabee1a8f2700d902e249bf19ec0d945
-
SHA256
05efe778c9253dc647b2667b4c821426a427607d3676e1d03a7e02c5b1e7279c
-
SHA512
5647471f0fb9c01f7dd1767fafac4e40409fefac241caa4f64d86e42b7705f623a1cc7be49388dda76144261a3a7d3c42dd04ef134983ef15de0c10ddaef3294
-
SSDEEP
384:3tWZPzzxAm1vaohWAdZ71+kezxBSKrvylvOy5o91z1rxYlf82vi:O7zxAmphxdZgke26Aho9dre826
Malware Config
Targets
-
-
Target
230815-qwaqyaba29
-
Size
27KB
-
MD5
f680f45e190c032931f189ab71caecbc
-
SHA1
02b52470aabee1a8f2700d902e249bf19ec0d945
-
SHA256
05efe778c9253dc647b2667b4c821426a427607d3676e1d03a7e02c5b1e7279c
-
SHA512
5647471f0fb9c01f7dd1767fafac4e40409fefac241caa4f64d86e42b7705f623a1cc7be49388dda76144261a3a7d3c42dd04ef134983ef15de0c10ddaef3294
-
SSDEEP
384:3tWZPzzxAm1vaohWAdZ71+kezxBSKrvylvOy5o91z1rxYlf82vi:O7zxAmphxdZgke26Aho9dre826
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (179) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-