chimera | 9165ba41f87182c5d0b35d44da7f57bae304dd7e148dbd3b8803bf772b69ed02 | Triage

Submit
Reports

Overview

overview

Static

static

1

The-MALWARE-Repo

windows7-x64

1

The-MALWARE-Repo

windows10-2004-x64

Sharing

General

Target

The-MALWARE-Repo
Size

296KB
Sample

240802-x9f87ssbne
MD5

3b4c9813b9b4d3cdd4323d05ec9f43f7
SHA1

c969b185309f49b508110bb1782f597dff1ecbf9
SHA256

9165ba41f87182c5d0b35d44da7f57bae304dd7e148dbd3b8803bf772b69ed02
SHA512

777c8f18984bb5698ddaf5413b9a7c22a1b67b14178ec3c56a652e849218f7084c4e18858c868dfa1669ab3e1b2a54e11690b50d6fc0a94f00f78850abb97261
SSDEEP

6144:adfo4Q3uokeOvHS1d1+sNs8wbiWQQ9DvZJT3CqbMrhryf65NRPaCieMjAkvCJv1Y:ao4Q3uokeOvHS1d1+sNs8wbiWQQ9DvZT

Score

10^/10

chimera discovery ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

The-MALWARE-Repo

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

The-MALWARE-Repo

Resource

win10v2004-20240802-en

chimera discovery ransomware spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  The-MALWARE-Repo
- Size
  
  296KB
- MD5
  
  3b4c9813b9b4d3cdd4323d05ec9f43f7
- SHA1
  
  c969b185309f49b508110bb1782f597dff1ecbf9
- SHA256
  
  9165ba41f87182c5d0b35d44da7f57bae304dd7e148dbd3b8803bf772b69ed02
- SHA512
  
  777c8f18984bb5698ddaf5413b9a7c22a1b67b14178ec3c56a652e849218f7084c4e18858c868dfa1669ab3e1b2a54e11690b50d6fc0a94f00f78850abb97261
- SSDEEP
  
  6144:adfo4Q3uokeOvHS1d1+sNs8wbiWQQ9DvZJT3CqbMrhryf65NRPaCieMjAkvCJv1Y:ao4Q3uokeOvHS1d1+sNs8wbiWQQ9DvZT
Score

10^/10

chimera discovery ransomware spyware stealer
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Renames multiple (3273) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

chimeradiscoveryransomwarespywarestealer

© 2018-2024

Terms | Privacy