Extracted

• • Target

    a54a38a9aab0bde31b2065d8b88a8e6569cc66c3f6137379b6b5a62361c319f0.exe

  • Size

    417KB

  • MD5

    3dc9bad7720a01598aa14e55baca7413

  • SHA1

    99668a82a34ec17340fccecbc2ef0985b84704a0

  • SHA256

    a54a38a9aab0bde31b2065d8b88a8e6569cc66c3f6137379b6b5a62361c319f0

  • SHA512

    567581747132d56595c719e4d454bf6e73ba941581701b28287559f899ea5813a0abb7ff2df25cb3d7c99d3203c8a8ab361ea37b3b8e8392748fb855ee4cbaba

  • SSDEEP

    6144:Jr9Zzp4MmFrxodIFRfiM6baHcgrRS8gPFYTdOjbGXypU5:Jp4MmxxhfiMzcyRQFYTdqTa

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2