chimera

General

Target

tyler.jpg
Size

47KB
Sample

240827-st9tcsyhjm
MD5

a4e8e2d3b2f54a7d91f73f25280e29f4
SHA1

77ecb0a6391a72b0deba66b651adc70aa9e31e97
SHA256

67b2c63de52b106cb5067d162d231d04d9a4c977b470014b8bd7e3142451c0c7
SHA512

5c100af3d55901a5aff5c53490c797b243315cd66a2c319cdbcd1b15308470fcda987222bf236ef415fdd35cd0803b9b08aac8843d2d9fcdbf1f79d4e5fadb48
SSDEEP

768:HDZyIdPap+jg0263KE+lP2CDvz9IT7S+uulO+M0+Kd4d9gg770gde4avcC+8JnGs:HDRdPE+kA6EO2O+z5lfV+KdA9gg7Y4a5

Score

10^/10

Malware Config

Targets

- Target
  
  tyler.jpg
- Size
  
  47KB
- MD5
  
  a4e8e2d3b2f54a7d91f73f25280e29f4
- SHA1
  
  77ecb0a6391a72b0deba66b651adc70aa9e31e97
- SHA256
  
  67b2c63de52b106cb5067d162d231d04d9a4c977b470014b8bd7e3142451c0c7
- SHA512
  
  5c100af3d55901a5aff5c53490c797b243315cd66a2c319cdbcd1b15308470fcda987222bf236ef415fdd35cd0803b9b08aac8843d2d9fcdbf1f79d4e5fadb48
- SSDEEP
  
  768:HDZyIdPap+jg0263KE+lP2CDvz9IT7S+uulO+M0+Kd4d9gg770gde4avcC+8JnGs:HDRdPE+kA6EO2O+z5lfV+KdA9gg7Y4a5
Score

10^/10

chimera discovery persistence ransomware spyware stealer
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Renames multiple (2756) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1