Extracted

• • Target

    Encrypter_protected.exe

  • Size

    1.9MB

  • MD5

    753dd955052999e94e9b4defc316c92d

  • SHA1

    49e5fee7f9acc3eb5253744d789ea43dd67b11eb

  • SHA256

    dfd96d2413181b137eaa22f2feeda2291f93a99404f327772b52ac98dc5eef60

  • SHA512

    e28b03bd990e4d0a500f50a57bfa026c4081374b98d3cad969a941354cf47c0258b23de133c8e3b490a44662aabbca69246e0372c130b868dc421778a0d3b7c8

  • SSDEEP

    49152:3DJk+6MbP/ZyRemj4rH3R/Y/4w6wL73WvXyXo:zJpPxysmjCB/YmwuvX6o

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2