General
-
Target
adadadada.exe
-
Size
42KB
-
Sample
241027-werwsazfng
-
MD5
423e608ecb3df0edeed33a1e7f1eaeaa
-
SHA1
fc78ae3736d06e81c0bb6e0d1cdea08ce3143174
-
SHA256
5560a7aa16362f2783af483ae2e92ef7ad73fef414aa39641c07734f720c2624
-
SHA512
08c6317b68c8bd117e062f13bdca098986ff7fbd93ec4a4e6a41d9a0e51870da71e0845e87cbd2df639c57a15fdc89cba52c01f420a34bf991304471e534b807
-
SSDEEP
768:Z3qo2LfZpULbTz8gr93bxXTVeVDC1SRUSnSk5mzAz2URJNZovB9VqiE7bYec:0o2I/8gr93bGVhtSLzk2UR+v7Vutc
Behavioral task
behavioral1
Sample
adadadada.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
adadadada.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Documents\read_it.txt
chaos
Targets
-
-
Target
adadadada.exe
-
Size
42KB
-
MD5
423e608ecb3df0edeed33a1e7f1eaeaa
-
SHA1
fc78ae3736d06e81c0bb6e0d1cdea08ce3143174
-
SHA256
5560a7aa16362f2783af483ae2e92ef7ad73fef414aa39641c07734f720c2624
-
SHA512
08c6317b68c8bd117e062f13bdca098986ff7fbd93ec4a4e6a41d9a0e51870da71e0845e87cbd2df639c57a15fdc89cba52c01f420a34bf991304471e534b807
-
SSDEEP
768:Z3qo2LfZpULbTz8gr93bxXTVeVDC1SRUSnSk5mzAz2URJNZovB9VqiE7bYec:0o2I/8gr93bGVhtSLzk2UR+v7Vutc
Score10/10-
Chaos Ransomware
-
Chaos family
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-