Extracted

• • Target

    C11Setup.exe

  • Size

    301KB

  • MD5

    7b3efaefb41b7136502139438a6968e4

  • SHA1

    84b25e639e5e1ee0519d5731a7810e0a312f3010

  • SHA256

    329dc7144e9e0e49aa9b7e3d495eb2a329579ea9d68249f93c3942179ece3cf6

  • SHA512

    62646bdbfa3ca43327885c93f2b6821f1f3c896791a147aa0981f1be269cc19eb77050f0305d0ac3c1db8e868894523d785c8b7059d264d9fb653c4d47357777

  • SSDEEP

    3072:D3kcMHr9irIKH11poMiMiHuZDLJ2YR7c2ytBcL5BdkwvTkmEd:hEr9irIava+ZWwvqd

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1