chaos | 897a5aba27fb713b468c4788ef1a3b8bb4d595afbeb94a3caf7ad6ee11a02361 | Triage

Submit
Reports

Overview

overview

Static

static

software.exe

windows7-x64

software.exe

windows10-2004-x64

Sharing

General

Target

software.exe
Size

588KB
Sample

240720-jpan2ashlq
MD5

e7448d342d7e89f6fa442e0e1dc93c08
SHA1

4b42759041cb3a27318d063af1c9c1c8d35c6ef4
SHA256

897a5aba27fb713b468c4788ef1a3b8bb4d595afbeb94a3caf7ad6ee11a02361
SHA512

55750a59d25a1e127010fbd6fc05d0b9e5eafb331bf22f082a5d9f9dc0e601a792805de6b016344ac8763dfbad90f9ce87f205ef1df271a28cc015345d31f435
SSDEEP

6144:cr9iJVLaPXguyOiMV7BoV/q+qbJu2hTMKZwHNsp+l3QiiWKO+LL:haMOTV7BoVi+qbJueTRZn+l3QiOn

Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

software.exe

Resource

win7-20240708-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

software.exe

Resource

win10v2004-20240709-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows10-2004-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  software.exe
- Size
  
  588KB
- MD5
  
  e7448d342d7e89f6fa442e0e1dc93c08
- SHA1
  
  4b42759041cb3a27318d063af1c9c1c8d35c6ef4
- SHA256
  
  897a5aba27fb713b468c4788ef1a3b8bb4d595afbeb94a3caf7ad6ee11a02361
- SHA512
  
  55750a59d25a1e127010fbd6fc05d0b9e5eafb331bf22f082a5d9f9dc0e601a792805de6b016344ac8763dfbad90f9ce87f205ef1df271a28cc015345d31f435
- SSDEEP
  
  6144:cr9iJVLaPXguyOiMV7BoV/q+qbJu2hTMKZwHNsp+l3QiiWKO+LL:haMOTV7BoVi+qbJueTRZn+l3QiOn
Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

behavioral2

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

© 2018-2025

Terms | Privacy