chaos | b03d1cb5b7a1f632e83f557a6a5e993bb40b81b1e2dbf3383ead13782b0aef27 | Triage

Submit
Reports

Overview

overview

Static

static

3ea6df1849...ac.exe

windows7-x64

3ea6df1849...ac.exe

windows10-2004-x64

Sharing

General

Target

b03d1cb5b7a1f632e83f557a6a5e993bb40b81b1e2dbf3383ead13782b0aef27
Size

102KB
Sample

240417-r3rhpsce84
MD5

e29555fabb15cc6cd98e6ac846554d19
SHA1

fec74e4b2ea24575778bc848268f67344f56bb00
SHA256

b03d1cb5b7a1f632e83f557a6a5e993bb40b81b1e2dbf3383ead13782b0aef27
SHA512

082cea2c06206d83e3c92db41a952aed394b304eed867ef17b0bfdce169109d45dc39ec5a0aebbb04e9cfcc20b7df83016e1d37b0dd4bd9b1b64758a145375ad
SSDEEP

3072:qPxMnA2+lXMqRq6mlaRXtTlrT7443qhAgX5CuxJj7qK:W2nAtHQlSl74VAgXXGK

Score

10^/10

chaos evasion persistence ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac.exe

Resource

win7-20240215-en

chaos evasion persistence ransomware spyware stealer

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac.exe

Resource

win10v2004-20240412-en

chaos evasion persistence ransomware spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac.exe
- Size
  
  282KB
- MD5
  
  08c7ff3a65f703d12fc644b63dff19d5
- SHA1
  
  f38e8932f4c88c1fd801696267924c6767155028
- SHA256
  
  3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac
- SHA512
  
  367761edc864129ae074b503a12dc339255ae8cebeb21eb45c1e5083351cacfcb0cd0589e66f18c9b2769c73169305871c5dfe012d45aedb18fa1a866369b4bb
- SSDEEP
  
  3072:16biq9hBxqDhNiMLbfyU9+SHfZLoL9oic6VlQbuKGOQzEjQVnDnRM4n9gQ:1kiq9H8DLVLbf9r/ZLr6YbuC0hRZ9g
Score

10^/10

chaos evasion persistence ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

chaosevasionpersistenceransomwarespywarestealer

behavioral2

chaosevasionpersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy