chaos

General

Target

SkynetLocker.exe
Size

329KB
Sample

241122-x8gtcasraq
MD5

75a95bd340c43bf016117c1013631c42
SHA1

90a88828b3ed3c25bd91e20b67012f54e221ade6
SHA256

b9cd15b5f4112728466f2c11d595711d0953da0d26408b57f42d1215cf60b1b1
SHA512

41b4356df8be11a8a395918a8871f466c3b7e67ab1eaae1c40cfc374085302ca8693c463e8c24c143c362edde4c43442ddc52ae4ec96a4b4ad294caea17fcb62
SSDEEP

6144:7cVbL0hiIOb8+LDCvzCnQHw67feMv8KiPuTL94:7cVJIOA+vCvnJ8tPuF4

Score

10^/10

Malware Config

Extracted

Path

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\SkynetData.txt

Ransom Note

------------------------ ALL YOUR FILES ARE ENCRYPTED ------------------------ Don't worry, you can return all your files! All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees do we give to you? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information Don't try to use third-party decrypt tools because it will destroy your files. Discount 50% available if you contact us first 24 hours. To get this software you need write on our e-mail: [email protected]

Emails

[email protected]

Targets

- Target
  
  SkynetLocker.exe
- Size
  
  329KB
- MD5
  
  75a95bd340c43bf016117c1013631c42
- SHA1
  
  90a88828b3ed3c25bd91e20b67012f54e221ade6
- SHA256
  
  b9cd15b5f4112728466f2c11d595711d0953da0d26408b57f42d1215cf60b1b1
- SHA512
  
  41b4356df8be11a8a395918a8871f466c3b7e67ab1eaae1c40cfc374085302ca8693c463e8c24c143c362edde4c43442ddc52ae4ec96a4b4ad294caea17fcb62
- SSDEEP
  
  6144:7cVbL0hiIOb8+LDCvzCnQHw67feMv8KiPuTL94:7cVJIOA+vCvnJ8tPuF4
Score

10^/10

chaos defense_evasion evasion execution impact persistence ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2