chimera | 97f3aabf9445d243dccfe0a8e0662d279e2d77f0ad88e75ec44496af748e6eea | Triage

Submit
Reports

Overview

overview

Static

static

1

bipecdki.jpg

windows10-1703-x64

4

bipecdki.jpg

windows11-21h2-x64

Sharing

General

Target

bipecdki.jpg
Size

183KB
Sample

240905-j4kgsawdmj
MD5

ef16ee90b57cac3eac93811f5e419274
SHA1

50bbd97e169875d7b5a5a6b74972e5d6f505e4aa
SHA256

97f3aabf9445d243dccfe0a8e0662d279e2d77f0ad88e75ec44496af748e6eea
SHA512

4186aa8b555e7bbe0c64b1b1353760356f260fee47e1e377e7f1958f5e02d47e20a6641189e85f725a3d2f145855c14df4a31da12156dca00a608c543682e5d9
SSDEEP

3072:9a5BgRtc2wC5sh7oQ260QkY9KNuraPk2Ziig7tmDL00ksXLpukZ/KEqSEfYKI:9sgRtc2Ky+jlijdLxnKYf

Score

10^/10

chimera defense_evasion discovery ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bipecdki.jpg

Resource

win10-20240404-en

windows10-1703-x64

8 signatures

1800 seconds

Behavioral task

behavioral2

Sample

bipecdki.jpg

Resource

win11-20240802-en

chimera defense_evasion discovery ransomware spyware stealer

windows11-21h2-x64

26 signatures

1800 seconds

Malware Config

Targets

- Target
  
  bipecdki.jpg
- Size
  
  183KB
- MD5
  
  ef16ee90b57cac3eac93811f5e419274
- SHA1
  
  50bbd97e169875d7b5a5a6b74972e5d6f505e4aa
- SHA256
  
  97f3aabf9445d243dccfe0a8e0662d279e2d77f0ad88e75ec44496af748e6eea
- SHA512
  
  4186aa8b555e7bbe0c64b1b1353760356f260fee47e1e377e7f1958f5e02d47e20a6641189e85f725a3d2f145855c14df4a31da12156dca00a608c543682e5d9
- SSDEEP
  
  3072:9a5BgRtc2wC5sh7oQ260QkY9KNuraPk2Ziig7tmDL00ksXLpukZ/KEqSEfYKI:9sgRtc2Ky+jlijdLxnKYf
Score

10^/10

chimera defense_evasion discovery ransomware spyware stealer
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Renames multiple (3302) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

chimeradefense_evasiondiscoveryransomwarespywarestealer

© 2018-2024

Terms | Privacy