General
-
Target
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98
-
Size
2.8MB
-
Sample
241107-rpc36awnbk
-
MD5
9db424c6cad9c48c559c45c5c410ebe1
-
SHA1
6e975642501db27324f035990b507fd2eeda30ba
-
SHA256
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98
-
SHA512
f0b4ae4e1dd8f25bba0599dd8ec4a088eab74a9545103043d984d2d55a4522cff80480f9d23d0d9683df9dcb03a402929030f42ade7514fe85973dab2eafb9fe
-
SSDEEP
24576:1DSqgStv6LDyjF4QYhrxJw+oOD6Nfye2IdiyeU7MMpOusu72d:1+eKQ+Tw5iYfye2IIyFdt7
Behavioral task
behavioral1
Sample
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98
-
Size
2.8MB
-
MD5
9db424c6cad9c48c559c45c5c410ebe1
-
SHA1
6e975642501db27324f035990b507fd2eeda30ba
-
SHA256
6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98
-
SHA512
f0b4ae4e1dd8f25bba0599dd8ec4a088eab74a9545103043d984d2d55a4522cff80480f9d23d0d9683df9dcb03a402929030f42ade7514fe85973dab2eafb9fe
-
SSDEEP
24576:1DSqgStv6LDyjF4QYhrxJw+oOD6Nfye2IdiyeU7MMpOusu72d:1+eKQ+Tw5iYfye2IIyFdt7
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1