Overview

overview

10

Static

static

10

2024-12-13...ry.exe

windows7-x64

10

2024-12-13...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-13_ee3cf7167280e28f0771ffedfb631a8c_chaos_destroyer_wannacry

  • Size

    23KB

  • Sample

    241213-eymyhayjgx

  • MD5

    ee3cf7167280e28f0771ffedfb631a8c

  • SHA1

    d8f54832a4eb9157bc11fb2ec8c05b96fee4d52f

  • SHA256

    b66cf029d1671b246d1a4ccd86793f587bf8e4237460b892b8009e36a7bf0e68

  • SHA512

    f4df591404f3819457c86db32473610264105f0884fa6b99c904cee57f123ee6d58bb2740587df8130b202f1b8ee47271f7dabe8849c01fd72e71f1cdd882985

  • SSDEEP

    384:R3Mg/bqo2TdYJB7RpfDKw/+98uJYr91CkT7kFWqe+C:Tqo2JoRpfDN/NyYr91kFHex

Score
10/10
chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\Documents\LEIA-ME.txt

Family

chaos

Ransom Note
----> Chaos is multi language ransomware. Translate your note to any language <---- Todos os seus arquivos foram criptografados Seu computador foi infectado com um vírus ransomware. Seus arquivos foram criptografados e você não ser capaz de descriptografá-los sem nossa ajuda. O que posso fazer para recuperar meus arquivos? Você pode comprar nosso especial software de descriptografia, este software permitirá que você recupere todos os seus dados e remova o ransomware do seu computador. O preço do software é de 10 reais. O pagamento pode ser feito apenas em pix Como faço para pagar, tranfira neste pix copia e cola 00020126430014br.gov.bcb.pix0121leoboni2655@gmail.com520400005303986540510.005802BR5924Alessandra Santos Maciel6009Sao Paulo62290525tpBoqzTIGn3exNx6Jg6wSsGkP630421FC caso nao consiga chame neste email :[email protected]

Targets

    • Target

      2024-12-13_ee3cf7167280e28f0771ffedfb631a8c_chaos_destroyer_wannacry

    • Size

      23KB

    • MD5

      ee3cf7167280e28f0771ffedfb631a8c

    • SHA1

      d8f54832a4eb9157bc11fb2ec8c05b96fee4d52f

    • SHA256

      b66cf029d1671b246d1a4ccd86793f587bf8e4237460b892b8009e36a7bf0e68

    • SHA512

      f4df591404f3819457c86db32473610264105f0884fa6b99c904cee57f123ee6d58bb2740587df8130b202f1b8ee47271f7dabe8849c01fd72e71f1cdd882985

    • SSDEEP

      384:R3Mg/bqo2TdYJB7RpfDKw/+98uJYr91CkT7kFWqe+C:Tqo2JoRpfDN/NyYr91kFHex

    Score
    10/10
    chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Chaos family

      chaos

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks