General

  • Target

    6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98

  • Size

    2.8MB

  • Sample

    241107-rpc36awnbk

  • MD5

    9db424c6cad9c48c559c45c5c410ebe1

  • SHA1

    6e975642501db27324f035990b507fd2eeda30ba

  • SHA256

    6ef2e1dcc973803f396960fcf1199cb037af1a3fd92bd81a8850fd764b8f9d98

  • SHA512

    f0b4ae4e1dd8f25bba0599dd8ec4a088eab74a9545103043d984d2d55a4522cff80480f9d23d0d9683df9dcb03a402929030f42ade7514fe85973dab2eafb9fe

  • SSDEEP

    24576:1DSqgStv6LDyjF4QYhrxJw+oOD6Nfye2IdiyeU7MMpOusu72d:1+eKQ+Tw5iYfye2IIyFdt7

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
