General

  • Target

    Chaos V3.rar

  • Size

    18.9MB

  • Sample

    240425-tltmvacd69

  • MD5

    e993b89da61dadbd6a53e588a249c659

  • SHA1

    70dbc0a8b65596ed22a41a7df44365f3f52605c1

  • SHA256

    6dc7452115f902969b8a3fa2a25b9e1e52c9b2e6913b001b1839ca16e2c981fd

  • SHA512

    163349eca45fc2d08d1afafadda74a9ff6b34049c7340ef75a562ab4c6010427182a977a560cb250a6101a772cd5d817adba960c2f053660aa3d2b28cda6a7ef

  • SSDEEP

    393216:PzwOO23fGceaah+A/RmE1xlRxh5elwQNuyKzwELMDBiWBohnPsFtaj5Kmdet:P0OX36+YME1xlRcNvKUA0On0FtaQMet

Malware Config

Targets

    • Target

      Chaos V3/Anti-Crash (Anti-Crash method by 13ooeo).exe

    • Size

      6KB

    • MD5

      9e3727584d3c3d3f8071728378228118

    • SHA1

      c366d3017e3d71d49e5ad596be88ee7b9d183ae7

    • SHA256

      9731907ed2aa2c4ecd242edf582177cd87fde744ab4391675cc0b3d5d2d5df1e

    • SHA512

      7ae42a8aafcdb9df7a695da52557a4c132c68a97039701ab3516d6c7a4cd859a798b1ef4651879d8ada926841a4412a7e81ebec9b5009d585b4c990ae1527982

    • SSDEEP

      96:TFD8b1fph/kCo+AmdxirN1yR6PKYcD1UseL4VPNolhLzNt:ifphMCodmTirn46PKEL4VPNOhN

    • Score

      4/10

    • Target

      Chaos V3/Chaos Launcher V3.exe

    • Size

      11.6MB

    • MD5

      79dc609ecbdb99dbf1a1ac7c000f359a

    • SHA1

      15f976701f485e72152cc3c46b5dca7031d8d096

    • SHA256

      59ac5a002c49f7c18a8cbd7513e1bddcef8cd52a876c8a3dc7d19c24dc9aac1b

    • SHA512

      96b74056abf640bce4fed87d6203da9a114487a7442a8af9f6fec25f1d269c33917356719dad5bb3e9c7c96d6274cc5ba641f844414b545db4814ca52f439999

    • SSDEEP

      196608:QwKFg4oGJPM0OR5ToGI4ggGo9EaNuK/EcKak58wQMuHdoMRc8YFHLgZql+xVUH:lKg5GhMDR50p1IzRE8wxuHdhRpgHLgZM

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Chaos V3/datamodelfix.exe

    • Size

      7.1MB

    • MD5

      9323fb177d81f3bfa6925196b9639716

    • SHA1

      2fdcc9dee0f88b630f787b0a27a4589fb43a61bf

    • SHA256

      183e5301fc86f084dff2e55ff32d090de62a411a07e4ea2bdb7a1af9085f7ac0

    • SHA512

      78d2c2f2b1cd88ea85eb09c4eedeb7d318bb0faee9afb8a08482ea8ca2a34e87a490a93f89099e6b931437955b436c6b2366f755cc84e98ba9dd7452cd1896e6

    • SSDEEP

      196608:tnodv8ZkLBoOdQmR/8Qnf2ODjMnGydScSEPw7s/ATw4:kqkLBoOdQAF3MnG3tO3/I

    • Score

      7/10

    • Loads dropped DLL

    • Target

      Chaos V3/fpsunlocker.exe

    • Size

      666KB

    • MD5

      f0c71376e55ba3c65942e90348169921

    • SHA1

      239085aa264e9eb743dde706231169820c32e03c

    • SHA256

      94f4140b6e7c3e73364205829da26479dad5257752c009dca4dec4a6ce9f9637

    • SHA512

      4ce20f764aac880362fbf9f9ade18c89e19eaa697e73cb08ce37b2eb25b3b655ec569de180c33ded00ca42147dd2c84d21b837224b318d56f258a6e881b6057f

    • SSDEEP

      12288:4KOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:4KyacgDD+4fwG1NaTSw

    • Score

      4/10

    • Target

      Chaos V3/pssuspend.exe

    • Size

      383KB

    • MD5

      1b9f1a75593dfc670fa7c54659ab5796

    • SHA1

      c9f0c40e012f8cfe20b1e5cd6a9a7b078e89a00b

    • SHA256

      95a922e178075fb771066db4ab1bd70c7016f794709d514ab1c7f11500f016cd

    • SHA512

      ab7b26ce5487af2a337cabfa16908ddf72bf1f6942675760e7decee874dd0f72fd47aa42bc442fe11f71fab03106c75db0234199974c7de84d1ed3f12a9b4788

    • SSDEEP

      6144:V/M1xPjrG1x+YgoglDni32wAO5GeLCfCsip9631L5qMbYd:W3PG1x+1+pBLCfCjGNqGY

    • Score

      4/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497): 1

Discovery

  • Query Registry (T1012): 10

  • Peripheral Device Discovery (T1120): 5

  • System Information Discovery (T1082): 9

  • Virtualization/Sandbox Evasion (T1497): 1

Tasks