Extracted

• • Target

    crynox.exe

  • Size

    599KB

  • MD5

    f9f3379858516f1ec7c3474dba4cfe13

  • SHA1

    2365e729155dad22856e09275cb94369889d4f14

  • SHA256

    d36c18499800859f77d6c2462a99b6e5e5e066fff95418dce4d5fdb8d45d0106

  • SHA512

    4fcab92050504619a581043023dcbc106a816d1fe134c5f351478295281d08bfc50ab4a77e7c59210aa2bf4b704ffee6b0c27f4d3153703087b86d5a633b2b5b

  • SSDEEP

    12288:1Iw6EkPJU2XGyVdEcIf/vbIGSA4Jxv+T:8SJyIP8

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (181) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Disables Task Manager via registry modification

    evasion

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1