Extracted

• • Target

    C11Setup.exe

  • Size

    301KB

  • MD5

    4e152950dbe9658a565dea998bfc338e

  • SHA1

    1b41b4216fa38b4e85b792d8d5533756803282e4

  • SHA256

    0d27312c50a44775899c2d76c11e7d7a33180aa6f7041f1dd83b6af3e772527c

  • SHA512

    e0d580ece9403ee153f77fdac62e5d028d6633e48a850ef82d2576a5ab9da998a37c59231ce1ff1472af0174b00153aa754f7639268e5f1815e9896e13f1c0c3

  • SSDEEP

    3072:g3kavQ3r9irIKH11poMiMiHuZDLWSYR7c2ytBcL5BdkwvTkmEd:YvMr9irIavaNdWwvqd

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1