General
-
Target
main.exe
-
Size
330KB
-
Sample
240423-crlezsbf71
-
MD5
3736a823e68e0624d6a97e26404912c9
-
SHA1
3dc5eac263f2a10eefe1f4d16932623aabdcecc3
-
SHA256
b7e12bf54356d831e3d7b5e10b0c1782a3e2feb29dd6ed3857c3922d2b48c7c1
-
SHA512
902955e4c95a5d8840b0ced7cfb4838b59a75f5a87ec694d426c01476c3f64974039d4f6310464777adc78d433a0dd455092db0a8d27381146351be931143cfb
-
SSDEEP
6144:GB4Rr95aqSX2mLCHpdgwNNMLv6Cwm33BL5uK8v:GB4ARX2mLCJdgwNNWg8BLAK8v
Malware Config
Targets
-
-
Target
main.exe
-
Size
330KB
-
MD5
3736a823e68e0624d6a97e26404912c9
-
SHA1
3dc5eac263f2a10eefe1f4d16932623aabdcecc3
-
SHA256
b7e12bf54356d831e3d7b5e10b0c1782a3e2feb29dd6ed3857c3922d2b48c7c1
-
SHA512
902955e4c95a5d8840b0ced7cfb4838b59a75f5a87ec694d426c01476c3f64974039d4f6310464777adc78d433a0dd455092db0a8d27381146351be931143cfb
-
SSDEEP
6144:GB4Rr95aqSX2mLCHpdgwNNMLv6Cwm33BL5uK8v:GB4ARX2mLCJdgwNNWg8BLAK8v
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-