General

  • Target

    koala.exe

  • Size

    16KB

  • Sample

    240701-3apdeszcqr

  • MD5

    607bf2b302c3941815dc159e356f06fd

  • SHA1

    3d86bfc813a47dbede8f9420de418b2143e791e4

  • SHA256

    f4967fd913dc43ba20eeda786ce3da4119df5d86b4536c3b68f44c2ed09e42bf

  • SHA512

    1317171b290e0e0fc667d9b4210a34744e0b21416c56a7e56bc747851c6f1db375eb014b752ef304cd6527c5b288e49840ccf663b4a6e607afd1717653b095ea

  • SSDEEP

    192:fXiJtJHunl2t90RGfWYQy3G8dcInaoVE66XwsXglbr5i7amDC/sBHvWjJ1T5Fx/X:fCul2tpOfGG2vn+wH87Tc8HuLTUX

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Renames multiple (62) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks