chaos

General

Target

pack.rar
Size

50KB
Sample

240429-j8l66see9v
MD5

e577756b47b67d68f13887db3739768d
SHA1

5732244c1029a30c2f915c546e1de551c45a06aa
SHA256

71bfe1f26a98e152344fe5687db229da90e9ba8475cb3804a78a0f46152ba0bf
SHA512

24807c2a544c97e977a18096225545828bcc070e036c3d5c1557d53471c4b0399d815df675be338aeed84c5d201274d394b6a64371eb4ab8a099da46040a50cb
SSDEEP

1536:UWMdgrnhBCmIpd1DFTjsPLXw9YC0RgK5dgt3:UWMdgrGzd5d4XaYC+FP4

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\read_it.txt

Ransom Note

!!! ATTENTION !!! Your device has been locked by our ransomware. To regain access to your device and your files, you must pay a ransom of : $100 USD in Bitcoin. Bitcoin Address: bc1qgk07vhn53ws7khy3840gjjvlw7qgzftfjgweq2 Once payment is made, please send an email to [email protected] with the transaction ID as proof of payment. Upon confirmation of your payment, you will receive instructions on how to unlock your device. !!! ATTENTION !!!

Emails

[email protected]

Targets

- Target
  
  pack.rar
- Size
  
  50KB
- MD5
  
  e577756b47b67d68f13887db3739768d
- SHA1
  
  5732244c1029a30c2f915c546e1de551c45a06aa
- SHA256
  
  71bfe1f26a98e152344fe5687db229da90e9ba8475cb3804a78a0f46152ba0bf
- SHA512
  
  24807c2a544c97e977a18096225545828bcc070e036c3d5c1557d53471c4b0399d815df675be338aeed84c5d201274d394b6a64371eb4ab8a099da46040a50cb
- SSDEEP
  
  1536:UWMdgrnhBCmIpd1DFTjsPLXw9YC0RgK5dgt3:UWMdgrGzd5d4XaYC+FP4
Score

3^/10
behavioral1
- Target
  
  pack/Decrypter.exe
- Size
  
  218KB
- MD5
  
  97f3854d27d9f5d8f9b15818237894d5
- SHA1
  
  e608608d59708ef58102a3938d9117fa864942d9
- SHA256
  
  fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2
- SHA512
  
  25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696
- SSDEEP
  
  1536:PJG/sX9Ik6sq2njM9qRYxSKCxly16Pn6RikC:PJG/sX9i2YcRPm16Pn6ckC
Score

7^/10

ransomware spyware stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral2
- Target
  
  pack/cho2.exe
- Size
  
  22KB
- MD5
  
  29fa75458106f03a11560ca466363129
- SHA1
  
  89db6502c8170f260b48d80ee0ece3380ba77eb5
- SHA256
  
  3f5ade39f3658b6da93987f7ba7dba38d7d94096638ef9f3565790e6ab73eef7
- SHA512
  
  28a58b096f560ac4cd03b96f77f7e0cbe7e96c4fb56fb6758c3e4ff7304e3ae4e0db35570f69070c676e45143dedb7be50556bc80f38364400ea2d43bec99188
- SSDEEP
  
  384:j3Mg/bqo2uOv0tpDnqp+Ao4+X0Z/dJZr91C8OWh0et:Vqo2BDp+J4+kRrZr9hLyet
Score

10^/10

chaos evasion ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral3
- Target
  
  pack/privateKey.chaos
- Size
  
  1KB
- MD5
  
  0d192c21ea5ea6edbc046fa6217567c4
- SHA1
  
  6b648a7adb79a19fd095b9e951477458577721f7
- SHA256
  
  b065bc372314f2a606da7c3cd2264bb25a3576a7067095e141eee2e5e4258ec1
- SHA512
  
  8faf5559d904d190278662a31d820adcf1f112fde1946422099735b4e6348c7ebbd9153cb9e6eb84ecbee1075320c6b0ea77f141363d0bf1df8106bd37055a22
Score

1^/10
behavioral4
- Target
  
  pack/publicKey.chaos
- Size
  
  397B
- MD5
  
  2e232ebbe224269490bd1c7f5782c87a
- SHA1
  
  ecb172e020e9bbe8b02283750488d767f81776ef
- SHA256
  
  932c42f739cd975a3bfc360fa1876265d45e9e8124faa7d18d36796f310204ba
- SHA512
  
  c3f9d274cab96708d9ac8cf485662f0559a2e5e359a1e8a12c36ebdbbe01511ccb3fd8ee016efaf3a78a5a9f3c02ad8c3cf81ee12203a9694fbca7fa6b4fca8b
Score

1^/10
behavioral5