General
Target: Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4
Size: 8.1MB
Sample: 241222-ry481a1qel
MD5: 7a922dc11e75f0a29f8301a7c7618c2b
SHA1: a147bf976557d00e7bf0dcbaf7e43fec5277d9e6
SHA256: b20976ed9b7d2c8cab61375a83d302258858ee57b5f497a431763b1a8e9ca2dc
SHA512: 48e08ab89618b6eb4ef86929e5e176d103d9c28909cfeaa47e457e7a7233f2cf1886bcb07abd38dbddf7fae5b224312a8112061ec994b9a38e6980f1ed8c921b
SSDEEP: 196608:HsIcL0wGqPi/xOuRu40kE/afekLeZl4zuKQXlRSqesHnaE+YR:HHwbKc4FE/a3Sl1Xnx6EP
Static task: static1
Behavioral task: behavioral1
  Sample: Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4 (8.1MB; same sample and hashes as listed under General)
Signatures:
- Chaos Ransomware
- Chaos family
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- A potential corporate email address has been identified in the URL: [email protected]
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Probable phishing domain
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number in parentheses is the count of matched signatures)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Direct Volume Access (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Indicator Removal (3)
  - File Deletion (3)
- Modify Registry (3)
- Pre-OS Boot (1)
  - Bootkit (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Discovery
- Browser Information Discovery (1)
- Peripheral Device Discovery (2)
- Query Registry (5)
- Remote System Discovery (1)
- System Information Discovery (5)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (1)
  - Internet Connection Discovery (1)