General
-
Target
Chaos V3.rar
-
Size
18.9MB
-
Sample
240425-tltmvacd69
-
MD5
e993b89da61dadbd6a53e588a249c659
-
SHA1
70dbc0a8b65596ed22a41a7df44365f3f52605c1
-
SHA256
6dc7452115f902969b8a3fa2a25b9e1e52c9b2e6913b001b1839ca16e2c981fd
-
SHA512
163349eca45fc2d08d1afafadda74a9ff6b34049c7340ef75a562ab4c6010427182a977a560cb250a6101a772cd5d817adba960c2f053660aa3d2b28cda6a7ef
-
SSDEEP
393216:PzwOO23fGceaah+A/RmE1xlRxh5elwQNuyKzwELMDBiWBohnPsFtaj5Kmdet:P0OX36+YME1xlRcNvKUA0On0FtaQMet
Behavioral task
behavioral1
Sample
Chaos V3/Anti-Crash (Anti-Crash method by 13ooeo).exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Chaos V3/Chaos Launcher V3.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Chaos V3/datamodelfix.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Chaos V3/fpsunlocker.exe
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Chaos V3/pssuspend.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
Chaos V3/Anti-Crash (Anti-Crash method by 13ooeo).exe
-
Size
6KB
-
MD5
9e3727584d3c3d3f8071728378228118
-
SHA1
c366d3017e3d71d49e5ad596be88ee7b9d183ae7
-
SHA256
9731907ed2aa2c4ecd242edf582177cd87fde744ab4391675cc0b3d5d2d5df1e
-
SHA512
7ae42a8aafcdb9df7a695da52557a4c132c68a97039701ab3516d6c7a4cd859a798b1ef4651879d8ada926841a4412a7e81ebec9b5009d585b4c990ae1527982
-
SSDEEP
96:TFD8b1fph/kCo+AmdxirN1yR6PKYcD1UseL4VPNolhLzNt:ifphMCodmTirn46PKEL4VPNOhN
Score 4/10
-
-
Target
Chaos V3/Chaos Launcher V3.exe
-
Size
11.6MB
-
MD5
79dc609ecbdb99dbf1a1ac7c000f359a
-
SHA1
15f976701f485e72152cc3c46b5dca7031d8d096
-
SHA256
59ac5a002c49f7c18a8cbd7513e1bddcef8cd52a876c8a3dc7d19c24dc9aac1b
-
SHA512
96b74056abf640bce4fed87d6203da9a114487a7442a8af9f6fec25f1d269c33917356719dad5bb3e9c7c96d6274cc5ba641f844414b545db4814ca52f439999
-
SSDEEP
196608:QwKFg4oGJPM0OR5ToGI4ggGo9EaNuK/EcKak58wQMuHdoMRc8YFHLgZql+xVUH:lKg5GhMDR50p1IzRE8wxuHdhRpgHLgZM
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Chaos V3/datamodelfix.exe
-
Size
7.1MB
-
MD5
9323fb177d81f3bfa6925196b9639716
-
SHA1
2fdcc9dee0f88b630f787b0a27a4589fb43a61bf
-
SHA256
183e5301fc86f084dff2e55ff32d090de62a411a07e4ea2bdb7a1af9085f7ac0
-
SHA512
78d2c2f2b1cd88ea85eb09c4eedeb7d318bb0faee9afb8a08482ea8ca2a34e87a490a93f89099e6b931437955b436c6b2366f755cc84e98ba9dd7452cd1896e6
-
SSDEEP
196608:tnodv8ZkLBoOdQmR/8Qnf2ODjMnGydScSEPw7s/ATw4:kqkLBoOdQAF3MnG3tO3/I
Score 7/10
Loads dropped DLL
-
-
-
Target
Chaos V3/fpsunlocker.exe
-
Size
666KB
-
MD5
f0c71376e55ba3c65942e90348169921
-
SHA1
239085aa264e9eb743dde706231169820c32e03c
-
SHA256
94f4140b6e7c3e73364205829da26479dad5257752c009dca4dec4a6ce9f9637
-
SHA512
4ce20f764aac880362fbf9f9ade18c89e19eaa697e73cb08ce37b2eb25b3b655ec569de180c33ded00ca42147dd2c84d21b837224b318d56f258a6e881b6057f
-
SSDEEP
12288:4KOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:4KyacgDD+4fwG1NaTSw
Score 4/10
-
-
Target
Chaos V3/pssuspend.exe
-
Size
383KB
-
MD5
1b9f1a75593dfc670fa7c54659ab5796
-
SHA1
c9f0c40e012f8cfe20b1e5cd6a9a7b078e89a00b
-
SHA256
95a922e178075fb771066db4ab1bd70c7016f794709d514ab1c7f11500f016cd
-
SHA512
ab7b26ce5487af2a337cabfa16908ddf72bf1f6942675760e7decee874dd0f72fd47aa42bc442fe11f71fab03106c75db0234199974c7de84d1ed3f12a9b4788
-
SSDEEP
6144:V/M1xPjrG1x+YgoglDni32wAO5GeLCfCsip9631L5qMbYd:W3PG1x+1+pBLCfCjGNqGY
Score 4/10