chaos

General

Target

1.zip
Size

78KB
Sample

240412-lr6klacd6s
MD5

daa45aae87cc8834a9888bd6e0a78710
SHA1

d15bbaa19f1a2836b6e1ad7f21fcc1bb9933723f
SHA256

cac13216f258b46462a963e984a57d0b34fe53cde02b8190a8afb5e9119a9ca0
SHA512

caeb0599289089cc92076577edbf790b5bdc6694e9e86f1dc30e56e360cea62baaf63480f26343eac35a665df701ce9ab49554a8975997aba182241aa61ea9aa
SSDEEP

1536:RBhbXvb8hoJrhUH2vOAeocNo6BRCV/7FHcWZvQRXRsrgKlmx3D:R3vTrdOAMo5pKXRwlG

Score

10^/10

Malware Config

Targets

- Target
  
  Antivirus.exe
- Size
  
  111KB
- MD5
  
  df1ce61fb4869963a1e95a917adef9d0
- SHA1
  
  bcf132651a5bd948e758441e4733519d1502c8bf
- SHA256
  
  e58bf0a81866c21e25dbe8f85fd74304259be3e1b53019f857c2354e23f71b1e
- SHA512
  
  d2867e1b00900098674f1a87653a9f016911649162c66f0eab67336f758a6611a497bc21a6cbe336bbc2464212bfec59e991b99aa92777ad2250e72b4e17888b
- SSDEEP
  
  3072:CB7q9NKEXUrQlGRSAMHsEwGYMl9AYGywOjvOjJ:CB7q9CQ8hMs7GpKPOaj
Score

10^/10

chaos discovery evasion persistence ransomware spyware stealer upx
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (154) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1