General
-
Target
AFPS.rar
-
Size
10KB
-
Sample
240418-btmkdsfb34
-
MD5
c5a2787d870b9e4166fb34dd4175c746
-
SHA1
6cfb8e8fab40d38b4b8a959a7e9f381894b8a333
-
SHA256
9a6b116ac22ae3dbb7a2cf6030d5fb94535c528cf555e21f367e3ef4b7841535
-
SHA512
5b88e837e47b03b74cc075e46bc4e216dceddc886d3553cc3fa507329519d58f9b2d7b1cdf185f80017f3ccfa2d8c28aac0b313c3492c2b4acf180a3cabb637a
-
SSDEEP
192:KQwz1Rbm8fw+pshNT+RxOUcoUFB7IP5HSWnSCezURrDZOwAQmCdzTyFns:vwzTbJLWHiRrcoUvIPxS3CEURnZZoCdf
Malware Config
Targets
-
-
Target
AFPS.rar
-
Size
10KB
-
MD5
c5a2787d870b9e4166fb34dd4175c746
-
SHA1
6cfb8e8fab40d38b4b8a959a7e9f381894b8a333
-
SHA256
9a6b116ac22ae3dbb7a2cf6030d5fb94535c528cf555e21f367e3ef4b7841535
-
SHA512
5b88e837e47b03b74cc075e46bc4e216dceddc886d3553cc3fa507329519d58f9b2d7b1cdf185f80017f3ccfa2d8c28aac0b313c3492c2b4acf180a3cabb637a
-
SSDEEP
192:KQwz1Rbm8fw+pshNT+RxOUcoUFB7IP5HSWnSCezURrDZOwAQmCdzTyFns:vwzTbJLWHiRrcoUvIPxS3CEURnZZoCdf
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-