Extracted

• • Target

    Encrypter_protected.exe

  • Size

    1.8MB

  • MD5

    46826cf0a3b38a11ec5b0499561e8c83

  • SHA1

    1d027ff751ca85c54562071fcf06f89903807781

  • SHA256

    544deae2250cf2af18927bd25558a889203cb601efa171f15d550cf28f613978

  • SHA512

    451ce4e46c0d21cf93bc2f1d58994b81f4c78c0f9cb4b1f28546d5a52f1a4a50f406cc41f29b904a08e62593d4709b5724eed185a97d6c28e6d07f189aa87953

  • SSDEEP

    24576:9JTJfZITY6zD6yoss/khmiSWsHXfbGQ+YGhGaBedl0uSRhWbZwJ48W1kf6jLEXy3:9jxIU6XxosWjbWsvbqeBSI2CXEXEL

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2