chaos | 438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d | Triage

Submit
Reports

Overview

overview

Static

static

438764714b...6d.exe

windows7-x64

438764714b...6d.exe

windows10-2004-x64

Sharing

General

Target

438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d
Size

32KB
Sample

240812-an2xfs1arc
MD5

aec65cd697c52926d76f888c0f1958b2
SHA1

603b2537703cfc6c4addf8ef1480ce33601f6117
SHA256

438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d
SHA512

c1a5d23b5cd9b378a6031c6ca1bfe65da424bb60c9e404401ca139eee1a3e6f78fc1bae1f38e493ccd3fcaa7b905b6caab2a36d19648acf76e63874df48278a4
SSDEEP

384:h3MLWHn3kI9a0JI8ITMpypoGroX3Jxr91CppZkM5hEM5eF:hn3kItJInTMpxMs5xr9OpZkM5hE2eF

Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d.exe

Resource

win7-20240704-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d.exe

Resource

win10v2004-20240802-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d
- Size
  
  32KB
- MD5
  
  aec65cd697c52926d76f888c0f1958b2
- SHA1
  
  603b2537703cfc6c4addf8ef1480ce33601f6117
- SHA256
  
  438764714bb650393cdeba7bfa9e0ba039cd566fc35e4565dc2855d1e086f16d
- SHA512
  
  c1a5d23b5cd9b378a6031c6ca1bfe65da424bb60c9e404401ca139eee1a3e6f78fc1bae1f38e493ccd3fcaa7b905b6caab2a36d19648acf76e63874df48278a4
- SSDEEP
  
  384:h3MLWHn3kI9a0JI8ITMpypoGroX3Jxr91CppZkM5hEM5eF:hn3kItJInTMpxMs5xr9OpZkM5hE2eF
Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

behavioral2

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

© 2018-2025

Terms | Privacy