General
-
Target
AnyDesk.exe
-
Size
7.2MB
-
Sample
241102-twvb5aymhs
-
MD5
8f1eaaf77aa07ceb4af188ab50db4ed3
-
SHA1
15148c0a2044805762d8494600386f49aec07b55
-
SHA256
4c595e8e612d7663804656ecfb65d3a833e585652ba8f15f486611873420e9a1
-
SHA512
d8ffa382cb99d3d7a1659a66fe6d586fea42aec9c21243e3d9b03928faf139809a435cb51dd0ec8ca5902b60a3effe8847637751a4075297ca189b4515e1ffcc
-
SSDEEP
49152:MiZLYKiEYSkVodi19NPftSFwkrJxWxhlMOkj7EqTUOgA37MJ+WftYs:
Behavioral task
behavioral1
Sample
AnyDesk.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
AnyDesk.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Admin\Desktop\read_it.txt
chaos
1Fv8VepbEL9tVmBAzu5zvH8JcLDopUVfoS
Targets
-
-
Target
AnyDesk.exe
-
Size
7.2MB
-
MD5
8f1eaaf77aa07ceb4af188ab50db4ed3
-
SHA1
15148c0a2044805762d8494600386f49aec07b55
-
SHA256
4c595e8e612d7663804656ecfb65d3a833e585652ba8f15f486611873420e9a1
-
SHA512
d8ffa382cb99d3d7a1659a66fe6d586fea42aec9c21243e3d9b03928faf139809a435cb51dd0ec8ca5902b60a3effe8847637751a4075297ca189b4515e1ffcc
-
SSDEEP
49152:MiZLYKiEYSkVodi19NPftSFwkrJxWxhlMOkj7EqTUOgA37MJ+WftYs:
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1