chaos

General

Target

17466246215.zip
Size

163KB
Sample

240528-klpjfsch3w
MD5

5e00d32ebf8b6cd436fb3f59bdbf52f7
SHA1

62112e45df371a2fbbaf59ef96f63d47a7d43174
SHA256

15d5cf353d57cbb0624fe061293d45cf6b711cef569a8785d4225c340073e784
SHA512

6ac96c7af136aac2d3812867e6a77456ddd026a17f46275e3e73a6e5505170311cb303fb530d29ddeafb0a4a235eb5259bc1d0e457920017ab5d1756c51e0e4c
SSDEEP

3072:0wB2BNal6a5+6kHyCME1F6g6Iac7F+hqOU+CMBaGMaJTkDpW:0wB2BNal6a5bkEi6INwFCGaGMaJT6pW

Score

10^/10

Malware Config

Targets

- Target
  
  3469bb786be861e7d9afbfd51b1e6c31870d0b83272d085f59c25969bcaf1313
- Size
  
  440KB
- MD5
  
  77d67233128926082858536211d16c75
- SHA1
  
  f64cfe2bda7787646ca037f9422f8c2663032d42
- SHA256
  
  3469bb786be861e7d9afbfd51b1e6c31870d0b83272d085f59c25969bcaf1313
- SHA512
  
  777720b9d726ab673a1ee6a0ef16320cf7ce1855e6ded788da6b0182f831ed9546164168d5da78b0962c01ed5df539c7ab6f966a150defdc60ba205b32fc6c16
- SSDEEP
  
  6144:Tg8q9o9xLLZVDwYGrH7wVNJUWqIMJ4HnXckdymBh:Tg099LZVDwYGrbwPJtqINHnXPEmB
Score

10^/10

chaos defense_evasion evasion execution impact persistence ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2