chaos

Resubmissions

09-08-2024 19:49

240809-yj7h5s1dqd 10

03-08-2024 21:46

240803-1mxt8awekk 10

03-08-2024 21:21

240803-z7bbaazfne 10

Sharing

Copy URL

Twitter E-mail

General

Target

quantum.exe
Size

417KB
Sample

240809-yj7h5s1dqd
MD5

3dc9bad7720a01598aa14e55baca7413
SHA1

99668a82a34ec17340fccecbc2ef0985b84704a0
SHA256

a54a38a9aab0bde31b2065d8b88a8e6569cc66c3f6137379b6b5a62361c319f0
SHA512

567581747132d56595c719e4d454bf6e73ba941581701b28287559f899ea5813a0abb7ff2df25cb3d7c99d3203c8a8ab361ea37b3b8e8392748fb855ee4cbaba
SSDEEP

6144:Jr9Zzp4MmFrxodIFRfiM6baHcgrRS8gPFYTdOjbGXypU5:Jp4MmxxhfiMzcyRQFYTdqTa

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\welp.txt

Ransom Note

Hello there! All your files are encrypted, but do not worry, if you're not poor that is. If you send us 50$ worth of Bitcoin, you will get a key that will decrypt all your files! Yipeeeee! Contact us at [email protected] After you send the $50 worth of BTC to the wallet, you will receive the key. Don't try to use any third party software to decrypt your files if you don't want to lose all your data.

Emails

[email protected]

Targets

- Target
  
  quantum.exe
- Size
  
  417KB
- MD5
  
  3dc9bad7720a01598aa14e55baca7413
- SHA1
  
  99668a82a34ec17340fccecbc2ef0985b84704a0
- SHA256
  
  a54a38a9aab0bde31b2065d8b88a8e6569cc66c3f6137379b6b5a62361c319f0
- SHA512
  
  567581747132d56595c719e4d454bf6e73ba941581701b28287559f899ea5813a0abb7ff2df25cb3d7c99d3203c8a8ab361ea37b3b8e8392748fb855ee4cbaba
- SSDEEP
  
  6144:Jr9Zzp4MmFrxodIFRfiM6baHcgrRS8gPFYTdOjbGXypU5:Jp4MmxxhfiMzcyRQFYTdqTa
Score

10^/10

chaos ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1