chaos | c277a8fe3f35b51cb210db9bd9d4215fb05e694cd15b46d2a0aa1f094738c163 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

cartel.exe

windows7-x64

cartel.exe

windows10-2004-x64

Sharing

General

Target

cartel.exe
Size

854KB
Sample

241027-wm9fssxrfz
MD5

9e7f8bbc8b012b6a9125d72d8872c1b9
SHA1

71ffa7a408554eed422aa044613f100eafc78c57
SHA256

c277a8fe3f35b51cb210db9bd9d4215fb05e694cd15b46d2a0aa1f094738c163
SHA512

9fff0dbbe1492adf2b1b6c3d707861ed629f1e24490abc6893559903fb019ac620142bd60de33a39f41a9d735064e1fae421defc0dc6bc7973ee28987709ba80
SSDEEP

12288:b0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z2GjShqL:o5vgHWjTwAlocaKjyyItHDzH

Score

10^/10

chaos discovery ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cartel.exe

Resource

win7-20240903-en

chaos discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cartel.exe

Resource

win10v2004-20241007-en

chaos discovery ransomware

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  cartel.exe
- Size
  
  854KB
- MD5
  
  9e7f8bbc8b012b6a9125d72d8872c1b9
- SHA1
  
  71ffa7a408554eed422aa044613f100eafc78c57
- SHA256
  
  c277a8fe3f35b51cb210db9bd9d4215fb05e694cd15b46d2a0aa1f094738c163
- SHA512
  
  9fff0dbbe1492adf2b1b6c3d707861ed629f1e24490abc6893559903fb019ac620142bd60de33a39f41a9d735064e1fae421defc0dc6bc7973ee28987709ba80
- SSDEEP
  
  12288:b0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z2GjShqL:o5vgHWjTwAlocaKjyyItHDzH
Score

10^/10

chaos discovery ransomware
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

chaosdiscoveryransomware

behavioral2

chaosdiscoveryransomware

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.