General

  • Target

    202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89.exe

  • Size

    27KB

  • Sample

    241116-cnjf8axjay

  • MD5

    4dd53a1b9a5bc8e1c327abfa7774e287

  • SHA1

    220dffcf2a4064f0b01900def851823fa6e9e539

  • SHA256

    202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89

  • SHA512

    cee4524a1462c8272c6e3d404ac603720b02558ab2bd1f23ecb7c53afcafeef48eed10f96d05f1a2450793e8376ce368c770ca43b63931461dc7f0f34ef22588

  • SSDEEP

    384:/FftWZPzzxAm1vp5ZRoDCFKW6pAnAQ5nelEOy5o91lDM5sp/82vG:/FW7zxAmpfyCz6pVQ5fho9kGR82+

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\read_it.txt

Ransom Note
Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :[email protected] ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: [email protected]) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)

Targets

    • Target

      202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89.exe

    • Size

      27KB

    • MD5

      4dd53a1b9a5bc8e1c327abfa7774e287

    • SHA1

      220dffcf2a4064f0b01900def851823fa6e9e539

    • SHA256

      202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89

    • SHA512

      cee4524a1462c8272c6e3d404ac603720b02558ab2bd1f23ecb7c53afcafeef48eed10f96d05f1a2450793e8376ce368c770ca43b63931461dc7f0f34ef22588

    • SSDEEP

      384:/FftWZPzzxAm1vp5ZRoDCFKW6pAnAQ5nelEOy5o91lDM5sp/82vG:/FW7zxAmpfyCz6pVQ5fho9kGR82+

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks