chaos | c423bd973d16de69ee63ff5321c3e2cbc5dd4fcf6c30a9e4e2fdb752449a26b9 | Triage

Submit
Reports

Overview

overview

Static

static

main.exe

windows7-x64

main.exe

windows10-2004-x64

Sharing

General

Target

main.exe
Size

537KB
Sample

240719-w6tvfstgqn
MD5

db63c855e1a1f5ee8bbeb93a5c6a94d3
SHA1

bb88714fddab5ebf931141b831954d99b91d2394
SHA256

c423bd973d16de69ee63ff5321c3e2cbc5dd4fcf6c30a9e4e2fdb752449a26b9
SHA512

0045bcd3d07da072aae92f508a806b529e6eb2d62d9c09eef85208a3083a4d9748a9d74346561f151d0b4e6e8bfba78ff8f80ae35fc717709ff3a25ce71b3172
SSDEEP

12288:Pq4W8F32U2rKrMtiDUsZL6g+e8gk255H63:PzmVK4MULLy5B

Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

main.exe

Resource

win7-20240704-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

main.exe

Resource

win10v2004-20240709-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  537KB
- MD5
  
  db63c855e1a1f5ee8bbeb93a5c6a94d3
- SHA1
  
  bb88714fddab5ebf931141b831954d99b91d2394
- SHA256
  
  c423bd973d16de69ee63ff5321c3e2cbc5dd4fcf6c30a9e4e2fdb752449a26b9
- SHA512
  
  0045bcd3d07da072aae92f508a806b529e6eb2d62d9c09eef85208a3083a4d9748a9d74346561f151d0b4e6e8bfba78ff8f80ae35fc717709ff3a25ce71b3172
- SSDEEP
  
  12288:Pq4W8F32U2rKrMtiDUsZL6g+e8gk255H63:PzmVK4MULLy5B
Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

behavioral2

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

© 2018-2025

Terms | Privacy