General
-
Target
cartel.exe
-
Size
854KB
-
Sample
241027-wm9fssxrfz
-
MD5
9e7f8bbc8b012b6a9125d72d8872c1b9
-
SHA1
71ffa7a408554eed422aa044613f100eafc78c57
-
SHA256
c277a8fe3f35b51cb210db9bd9d4215fb05e694cd15b46d2a0aa1f094738c163
-
SHA512
9fff0dbbe1492adf2b1b6c3d707861ed629f1e24490abc6893559903fb019ac620142bd60de33a39f41a9d735064e1fae421defc0dc6bc7973ee28987709ba80
-
SSDEEP
12288:b0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z2GjShqL:o5vgHWjTwAlocaKjyyItHDzH
Behavioral task
behavioral1
Sample
cartel.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cartel.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
cartel.exe
-
Size
854KB
-
MD5
9e7f8bbc8b012b6a9125d72d8872c1b9
-
SHA1
71ffa7a408554eed422aa044613f100eafc78c57
-
SHA256
c277a8fe3f35b51cb210db9bd9d4215fb05e694cd15b46d2a0aa1f094738c163
-
SHA512
9fff0dbbe1492adf2b1b6c3d707861ed629f1e24490abc6893559903fb019ac620142bd60de33a39f41a9d735064e1fae421defc0dc6bc7973ee28987709ba80
-
SSDEEP
12288:b0zVvgDNMoWjTmFzAzBocaKjyWtiR1pptHxQ0z2GjShqL:o5vgHWjTwAlocaKjyyItHDzH
Score10/10-
Chaos Ransomware
-
Chaos family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-