General

  • Target

    994ab65cf9072f47b962e271c7b5990a5552ca15de1d35b4f2c21b4c698de2ea.exe

  • Size

    190KB

  • Sample

    241102-twxggszcjp

  • MD5

    50c8525d4becd3e68424f68eae6e6983

  • SHA1

    db8835032d0dcce4b9899671bfa4d8e3ddfc825c

  • SHA256

    994ab65cf9072f47b962e271c7b5990a5552ca15de1d35b4f2c21b4c698de2ea

  • SHA512

    db51b7735eebb57126eb5640195bf9ebe00acc8914bfd2ef31e7e18bac890da63f46a3773e449766faabb31c865ebfb3cb9473e3800b8079a8204b397ee6ba79

  • SSDEEP

    768:/KHkATXfZLdQeIOi1H88pup5n5uwESIL+aOppppOFb0xRbNqmM9dCgKcpdYRHM/W:j4Xfx+H8hpPuw2qieK9dC3cTKtswB

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks