General
-
Target
Computer Raper.exe
-
Size
85.4MB
-
Sample
240415-rtx9wsgf63
-
MD5
bdb24ed9f869fcd462b316148514fc5b
-
SHA1
83935122b626378a3149e9036cd751514add4b52
-
SHA256
83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0
-
SHA512
12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611
-
SSDEEP
1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97
Static task
static1
Behavioral task
behavioral1
Sample
Computer Raper.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
Computer Raper.exe
-
Size
85.4MB
-
MD5
bdb24ed9f869fcd462b316148514fc5b
-
SHA1
83935122b626378a3149e9036cd751514add4b52
-
SHA256
83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0
-
SHA512
12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611
-
SSDEEP
1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97
Score10/10-
Chimera
Ransomware which infects local and network files, often distributed via Dropbox links.
-
Chimera Ransomware Loader DLL
Drops/unpacks executable file which resembles Chimera's Loader.dll.
-
mimikatz is an open source tool to dump credentials on Windows
-
Modifies Windows Firewall
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1