Overview

overview

10

Static

static

10

202523606b...89.exe

windows7-x64

10

202523606b...89.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4dd53a1b9a5bc8e1c327abfa7774e287.bin

  • Size

    13KB

  • Sample

    241117-bllm5asjfr

  • MD5

    5cccfb7b715a72bade9f1f2d101a4c9e

  • SHA1

    251a3430b212e848b72d7debe566542af04c9b71

  • SHA256

    f5f9a81c3c3105e9034d3f09a3398d7a6ad4cbcf99c653c14bc19ced0a9bbd50

  • SHA512

    c8b307f49beafb7301f3721427c105d2fd478b25382174198b012d0370324d399409f3cc4ab207a358659fff8df9bc388af4cfd570cd6bdcc271f9fe46d18492

  • SSDEEP

    192:w5QiitYj9bm2Ex5kLq0aNjRgR+XUvntyB7cQVsfqE18lT3+UyliT+UfMoG7Z2azz:/iIsESLuNzXqkBYQOfP1cTO1Kf/VafP

Score
10/10
chaospersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\read_it.txt

Ransom Note
Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :[email protected] ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: [email protected]) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)

Targets

    • Target

      202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89.exe

    • Size

      27KB

    • MD5

      4dd53a1b9a5bc8e1c327abfa7774e287

    • SHA1

      220dffcf2a4064f0b01900def851823fa6e9e539

    • SHA256

      202523606be3b79ee5b59b342404b0c4ec85df4182ceffd97d02fd02effdce89

    • SHA512

      cee4524a1462c8272c6e3d404ac603720b02558ab2bd1f23ecb7c53afcafeef48eed10f96d05f1a2450793e8376ce368c770ca43b63931461dc7f0f34ef22588

    • SSDEEP

      384:/FftWZPzzxAm1vp5ZRoDCFKW6pAnAQ5nelEOy5o91lDM5sp/82vG:/FW7zxAmpfyCz6pVQ5fho9kGR82+

    Score
    10/10
    chaospersistenceransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Chaos family

      chaos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks