Extracted

• • Target

    dickd.exe

  • Size

    295KB

  • MD5

    765079967592ca7293da5e2b792d3442

  • SHA1

    0ca816f83480e9ab4bac02c7af501c7058ddad88

  • SHA256

    d65bb45d038c257ccd7cf42aa6179e0b2095e14209101ee2dcaee4f69586a54a

  • SHA512

    e2651e113244e73eb84e8606d64803ff464cad9ac921d777f8cebc00d626e170d37f28a1febf55882c6859d893aed99de9e01629fe965b2276cfef07e9f4ade6

  • SSDEEP

    6144:8Sr9ScdUdRZek/jzIhnqjE/xgrSzgDQxGsokL:ndUd/V4hnmE/CSIQM6

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1