General
-
Target
c3f0bfffe865e3b8de9cb96dada72c743bec39626010d9ebe926c9d326b56fdc.bin.sample
-
Size
147KB
-
Sample
240625-na98kawekf
-
MD5
b12ba245044aebefd213e83d96bbe30e
-
SHA1
13dd3338a25156109ba6957d05d5639d8e12d275
-
SHA256
c3f0bfffe865e3b8de9cb96dada72c743bec39626010d9ebe926c9d326b56fdc
-
SHA512
e7865415f12621d4a327ba2d7741a6f9354a758c2d7727d081e4b2787e9d01b971f8c4693dd7540f982a15de668f9596e25f13900d7d6fb5de04be199ec4d682
-
SSDEEP
3072:5o8RI41lgr9x+panT9OmELeyWGccgdkguuZ/0t9Fk20Jh2cLkZDqlkya2:DI4gr9x+SxOxWndwuZ/0nFDKLR8
Malware Config
Targets
-
-
Target
c3f0bfffe865e3b8de9cb96dada72c743bec39626010d9ebe926c9d326b56fdc.bin.sample
-
Size
147KB
-
MD5
b12ba245044aebefd213e83d96bbe30e
-
SHA1
13dd3338a25156109ba6957d05d5639d8e12d275
-
SHA256
c3f0bfffe865e3b8de9cb96dada72c743bec39626010d9ebe926c9d326b56fdc
-
SHA512
e7865415f12621d4a327ba2d7741a6f9354a758c2d7727d081e4b2787e9d01b971f8c4693dd7540f982a15de668f9596e25f13900d7d6fb5de04be199ec4d682
-
SSDEEP
3072:5o8RI41lgr9x+panT9OmELeyWGccgdkguuZ/0t9Fk20Jh2cLkZDqlkya2:DI4gr9x+SxOxWndwuZ/0nFDKLR8
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-