chaos | d450d6bef77d5938c671693eba08fd6642e7f4bf376b3fef1d9d67a51ad05b2a | Triage

Submit
Reports

Overview

overview

Static

static

random.exe

windows11-21h2-x64

Sharing

General

Target

random.exe
Size

32KB
Sample

240812-azfhlaxakm
MD5

3b8203bedf765cfd612535bb466d0bfe
SHA1

20f138c28f8907e3886c908c222a7be3958e45f2
SHA256

d450d6bef77d5938c671693eba08fd6642e7f4bf376b3fef1d9d67a51ad05b2a
SHA512

e07f229e664c27375c35be7c431d5abbfae59ce8043b6e1e7144127f39b244b722e0102a833e91b566471e5fad2226260cb160af21adebce08eee1d48d912fa3
SSDEEP

384:33MLWHn3kIjla0JIbITNpOpoigXGJHr91CppZkM5hEMyeq:Dn3kIZJI8TNplj6Hr9OpZkM5hEBeq

Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

random.exe

Resource

win11-20240802-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  random.exe
- Size
  
  32KB
- MD5
  
  3b8203bedf765cfd612535bb466d0bfe
- SHA1
  
  20f138c28f8907e3886c908c222a7be3958e45f2
- SHA256
  
  d450d6bef77d5938c671693eba08fd6642e7f4bf376b3fef1d9d67a51ad05b2a
- SHA512
  
  e07f229e664c27375c35be7c431d5abbfae59ce8043b6e1e7144127f39b244b722e0102a833e91b566471e5fad2226260cb160af21adebce08eee1d48d912fa3
- SSDEEP
  
  384:33MLWHn3kIjla0JIbITNpOpoigXGJHr91CppZkM5hEMyeq:Dn3kIZJI8TNplj6Hr9OpZkM5hEBeq
Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

© 2018-2025

Terms | Privacy