General

Target: wt.exe
Size: 23KB
Sample: 241106-p3t8gszhkf
MD5: 9cbcaed1a71dca5fa2fcb5fe41e0d083
SHA1: 699923b980e8b8677ab29137dec889cb4c7a87da
SHA256: 4a99edc4912bb72864cf424c67b500187079ffb5bee14d6851800ebff9a56808
SHA512: bab13f8992a4c692412e0e15567693df36d02e6bf986bbadf9c4ff5b285b57853c6a9eafc3250cd1bdf33977428ddfa6c783080d1430e5593a181add28f19f2f
SSDEEP: 384:I3Mg/bqo2f+B3kXSP1/pYVvobPJ/r91C9zBq92BewD9:2qo2gtxpjh/r9uzs9WewD9
Behavioral task: behavioral1
Sample: wt.exe
Resource: win11-20241007-en

Malware Config

Extracted from: C:\Users\Admin\Documents\read_it.txt
Family: chaos
Targets

Target: wt.exe
Size: 23KB
Signatures

- Chaos Ransomware
- Chaos family
- Downloads MZ/PE file
- Credentials from Password Stores: Windows Credential Manager (suspicious access to Credentials History)
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
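The behaviours listed above can be turned into host-triage checks. The following is an added example, not part of the sandbox report or of any vendor tooling: it matches file bytes against the digests the report lists and runs simple rules for the reported behaviours over constructed, Sysmon-style event records. The Startup-folder path pattern, the HKCU\Control Panel\Desktop\Wallpaper value, and every path, process and file name in SAMPLE_EVENTS other than read_it.txt and wt.exe are assumptions chosen for illustration, not indicators taken from the report.

```python
"""Triage helper: report digests plus rules for the reported behaviours,
evaluated over constructed Sysmon-style events (not real telemetry)."""
import hashlib
import re
from typing import Dict, List

# Digests exactly as listed in the report for wt.exe.
REPORT_HASHES = {
    "md5": "9cbcaed1a71dca5fa2fcb5fe41e0d083",
    "sha1": "699923b980e8b8677ab29137dec889cb4c7a87da",
    "sha256": "4a99edc4912bb72864cf424c67b500187079ffb5bee14d6851800ebff9a56808",
}
# From the report: the ransom note the config was extracted from.
RANSOM_NOTE_NAME = "read_it.txt"
# Assumptions (not stated in the report): the per-user Startup folder as the
# target of "Drops startup file", and HKCU\Control Panel\Desktop\Wallpaper as
# the value behind "Sets desktop wallpaper using registry".
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)
WALLPAPER_KEY_RE = re.compile(r"\\control panel\\desktop$", re.IGNORECASE)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest file bytes with the algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True when any digest of the bytes equals the report's wt.exe digest."""
    digests = hash_bytes(data)
    return any(digests[alg] == want for alg, want in REPORT_HASHES.items())


def evaluate(events: List[dict]) -> Dict[str, List[str]]:
    """Map each reported behaviour to the sorted processes that showed it."""
    hits: Dict[str, set] = {}
    dropped_exes: set = set()       # lower-cased paths of .exe files written
    ini_dirs: Dict[str, set] = {}   # process -> folders given a desktop.ini

    def hit(sig: str, proc: str) -> None:
        hits.setdefault(sig, set()).add(proc)

    for ev in events:
        proc = ev["process"]
        if ev["type"] == "file_create":
            path = ev["path"]
            folder, _, name = path.rpartition("\\")
            name = name.lower()
            if name == RANSOM_NOTE_NAME:
                hit("chaos_ransom_note", proc)
            if STARTUP_DIR_RE.search(path):
                hit("drops_startup_file", proc)
            if name == "desktop.ini":
                ini_dirs.setdefault(proc, set()).add(folder.lower())
            if name.endswith(".exe"):
                dropped_exes.add(path.lower())
        elif ev["type"] == "process_create":
            # "Executes dropped EXE": the image was written earlier in this stream.
            if ev["image"].lower() in dropped_exes:
                hit("executes_dropped_exe", proc)
        elif ev["type"] == "registry_set":
            # Explorer legitimately rewrites this value; anything else is suspect.
            if (WALLPAPER_KEY_RE.search(ev["key"])
                    and ev["value"].lower() == "wallpaper"
                    and proc.lower() != "explorer.exe"):
                hit("sets_wallpaper_via_registry", proc)

    # "Drops desktop.ini file(s)": one process seeding several folders.
    for proc, dirs in ini_dirs.items():
        if len(dirs) >= 2:
            hit("drops_desktop_ini", proc)
    return {sig: sorted(procs) for sig, procs in sorted(hits.items())}


# Constructed events mirroring the report's behaviour list; dropped-file
# names and folders are placeholders, not observed indicators.
SAMPLE_EVENTS = [
    {"type": "file_create", "process": "wt.exe",
     "path": r"C:\Users\Admin\Documents\read_it.txt"},
    {"type": "file_create", "process": "wt.exe",
     "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"type": "process_create", "process": "wt.exe",
     "image": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"type": "file_create", "process": "wt.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup_item.lnk"},
    {"type": "file_create", "process": "wt.exe",
     "path": r"C:\Users\Admin\Documents\desktop.ini"},
    {"type": "file_create", "process": "wt.exe",
     "path": r"C:\Users\Admin\Pictures\desktop.ini"},
    {"type": "registry_set", "process": "wt.exe",
     "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper"},
    # Benign noise that must not fire.
    {"type": "registry_set", "process": "explorer.exe",
     "key": r"HKCU\Control Panel\Desktop", "value": "Wallpaper"},
]

if __name__ == "__main__":
    for sig, procs in evaluate(SAMPLE_EVENTS).items():
        print(f"{sig}: {', '.join(procs)}")
```

The hash check is the only high-confidence match; the behaviour rules are corroborating signals and will also fire on other ransomware families that drop notes, seed desktop.ini files and reset the wallpaper, so treat them as hunting leads rather than a family attribution.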
MITRE ATT&CK Enterprise v15 (number of mapped signature hits in parentheses)

Defense Evasion
- Modify Registry, T1112 (1)
- Subvert Trust Controls, T1553 (1): SIP and Trust Provider Hijacking, T1553.003 (1)

Credential Access
- Credentials from Password Stores, T1555 (2): Credentials from Web Browsers, T1555.003 (1); Windows Credential Manager, T1555.004 (1)
- Unsecured Credentials, T1552 (1): Credentials In Files, T1552.001 (1)