Extracted

• • Target

    wertg.exe

  • Size

    652KB

  • MD5

    59db985c17a4ab06d3a0fbbb39ac045e

  • SHA1

    2622da604c4be6f2b8ad06cb2fa55d412ba53ece

  • SHA256

    9a065bd64cf7f9f4d1385bfd9df86325e03f8dd64d0a3af56cfd05a7b28c3247

  • SHA512

    8a0a2bb31c37ea27aeaa5f9b1e5f5ce3a42cecca8bdddb00b622bb722c4d7a2e36442b7c628d17629974676278aa0703e1088984599cf216eb2ff6e6a2f995a4

  • SSDEEP

    12288:n4/yrAlyQGlqrLFB8vT+RNinZ12sVNRgznu+Jbb0LrYsFPV0ZSYWaBfF+Nd5zKF:nMM4qskaNxm

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactpersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Disables Task Manager via registry modification

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2