General

  • Target

    SatanCDD.exe

  • Size

    132KB

  • Sample

    250110-d61c5azrfx

  • MD5

    3c97c62c8d17b8afa1c67791b101ac1f

  • SHA1

    b426fcd8a1258346949f2bcd3fdf997e93b9b3a4

  • SHA256

    7edc963b7d439ffe6f659b5aaa4c511446a7fc4eb0aca7ec2010e43686807103

  • SHA512

    09556f4f9e7de7e319c5be661eebcf925670fe736a84804457855eceeedfcd821091054183edc11ee7b94fa75e9f10bead2e96fd71e36d3c69614fa4b0d05094

  • SSDEEP

    3072:Ao/apr9lf9wIe3330+hbC7rOwyXS6XNmnqCbU47rrm:Yr9lfqIenf6LYNQv

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Warning.txt

Ransom Note

Your files has been encrypted By SatanCDD and you won't be able to decrypt them without our help
What can I do to get my files back
You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer
The price for the software is $5,981 Dollars can be made in Bitcoin only
Please Contact Us At Gmail: [email protected]
Or if you want Join us in Private Group here is link: http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satancd-room
PIN: 3699
But First off Please Install Tor Browser: https://www.torproject.org/ja/download/
Payment information
Amount: 0.064 BTC
Bitcoin Address: bc1qmxj6genhefmsqjntu8239j0evxr7z7zm0dhqqm
URLs

http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satancd-room
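
The extracted note carries the operator's contact and payment indicators as free text. The Python below is an added example, not part of the sandbox report and not the malware's own code: it pulls the URLs, the onion link, the Bitcoin address, the BTC amount, the USD price and the group PIN out of the note with regular expressions. The note text is the one extracted above, with the contact e-mail left exactly as this page renders it; the address match is syntactic only (bech32/bech32m and legacy Base58 shapes, no checksum), so hits are candidates to be confirmed, not verified addresses.

```python
import re
from decimal import Decimal
from urllib.parse import urlparse

# Ransom note text as extracted by the sandbox (copied from this report; the
# contact e-mail is left exactly as the page renders it).
NOTE = (
    "Your files has been encrypted By SatanCDD and you won't be able to decrypt them "
    "without our help What can I do to get my files back You can buy our special "
    "decryption software, this software will allow you to recover all of your data and "
    "remove the ransomware from your computer The price for the software is $5,981 "
    "Dollars can be made in Bitcoin only Please Contact Us At Gmail: [email protected] "
    "Or if you want Join us in Private Group here is link: "
    "http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satancd-room "
    "PIN: 3699 But First off Please Install Tor Browser: "
    "https://www.torproject.org/ja/download/ Payment informationAmount: 0.064 BTC "
    "Bitcoin Address: bc1qmxj6genhefmsqjntu8239j0evxr7z7zm0dhqqm"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Syntactic match only: bech32/bech32m (bc1...) and legacy Base58 (1.../3...)
# address shapes. No checksum is verified, so treat hits as candidates.
BTC_ADDR_RE = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{25,62}"
    r"|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"
)
AMOUNT_RE = re.compile(r"Amount:\s*([0-9]+(?:\.[0-9]+)?)\s*BTC", re.I)
PRICE_RE = re.compile(r"\$\s?([0-9][0-9,]*)")
PIN_RE = re.compile(r"\bPIN:\s*(\d{3,8})\b", re.I)


def is_onion(url):
    """True when the URL's host is a Tor hidden service (.onion)."""
    host = urlparse(url).hostname or ""
    return host.lower().endswith(".onion")


def extract_note_iocs(text):
    """Pull contact and payment indicators out of free-text ransom note content."""
    urls = URL_RE.findall(text)
    amount = AMOUNT_RE.search(text)
    price = PRICE_RE.search(text)
    pin = PIN_RE.search(text)
    return {
        "urls": urls,
        "onion_urls": [u for u in urls if is_onion(u)],
        "btc_addresses": BTC_ADDR_RE.findall(text),
        # Decimal rather than float so the amount survives round-tripping into a report.
        "btc_amount": Decimal(amount.group(1)) if amount else None,
        "usd_price": int(price.group(1).replace(",", "")) if price else None,
        "pin": pin.group(1) if pin else None,
    }


if __name__ == "__main__":
    for key, value in extract_note_iocs(NOTE).items():
        print(f"{key}: {value}")
```

The onion URL and the Bitcoin address are the indicators worth pivoting on: the clearnet Tor download link is generic and should not be added to a blocklist.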

Targets

    • Target

      SatanCDD.exe

    • Size

      132KB

    • MD5

      3c97c62c8d17b8afa1c67791b101ac1f

    • SHA1

      b426fcd8a1258346949f2bcd3fdf997e93b9b3a4

    • SHA256

      7edc963b7d439ffe6f659b5aaa4c511446a7fc4eb0aca7ec2010e43686807103

    • SHA512

      09556f4f9e7de7e319c5be661eebcf925670fe736a84804457855eceeedfcd821091054183edc11ee7b94fa75e9f10bead2e96fd71e36d3c69614fa4b0d05094

    • SSDEEP

      3072:Ao/apr9lf9wIe3330+hbC7rOwyXS6XNmnqCbU47rrm:Yr9lfqIenf6LYNQv

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Volume Shadow Copies are the first thing most victims try to restore from; deleting them before encryption inhibits system recovery.

    • Modifies boot configuration data using bcdedit

      bcdedit changes of this kind are typically used to disable Windows automatic repair and recovery options, so the system cannot be rolled back at boot.

    • Deletes backup catalog

      Uses wbadmin.exe to delete the Windows Backup catalog, so existing backups can no longer be enumerated or restored, inhibiting system recovery.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data such as saved credentials, cookies and history. In a ransomware sample this can also be a side effect of walking the user profile for files to encrypt, so confirm exfiltration before treating it as credential theft.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
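
The signatures above describe the recovery-inhibiting behaviour, but the report does not show the command lines that triggered them. The Python below is an added detection example, not part of the report or the sandbox: it runs three command-line rules over constructed Sysmon process-creation records (the parent path, process IDs and the exact vssadmin/wmic/bcdedit/wbadmin invocations are assumed as the usual ways these signatures fire, not taken from this sample) and escalates when one parent process completes the full shadow-copy, boot-configuration and backup-catalog chain (ATT&CK T1490, Inhibit System Recovery). A benign "vssadmin list shadows" is included to show that the rules key on the destructive verbs, not on the tool name.

```python
import re
from collections import defaultdict

# Constructed Sysmon Event ID 1 (process creation) records, NOT taken from the
# report. Parent path and command lines are assumptions for illustration.
SAMPLE_EVENTS = [
    {"ProcessId": 1120, "ParentImage": r"C:\Users\Admin\Desktop\SatanCDD.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"ProcessId": 1124, "ParentImage": r"C:\Users\Admin\Desktop\SatanCDD.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures "
                    "& bcdedit /set {default} recoveryenabled no"},
    {"ProcessId": 1130, "ParentImage": r"C:\Users\Admin\Desktop\SatanCDD.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c wbadmin delete catalog -quiet"},
    {"ProcessId": 2200, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows"},  # benign admin activity: no deletion
]

# (label, pattern) pairs. Case-insensitive, tolerant of the .exe suffix, full
# paths and extra switches, so trivial command-line variations do not evade them.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b"
                r"|\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("boot_recovery_disabled",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*(?:\brecoveryenabled\s+no\b"
                r"|\bbootstatuspolicy\s+ignoreallfailures\b)", re.I)),
    ("backup_catalog_deletion",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
]

# All three together are the classic T1490 chain seen in this family's signatures.
INHIBIT_RECOVERY = {label for label, _ in RULES}


def classify(command_line):
    """Return the sorted list of rule labels matching one command line."""
    return sorted(label for label, pat in RULES if pat.search(command_line))


def scan(events):
    """Group rule hits by the parent image that spawned the offending command."""
    hits = defaultdict(set)
    for ev in events:
        for label in classify(ev["CommandLine"]):
            hits[ev["ParentImage"]].add(label)
    return dict(hits)


def verdict(hits):
    """Escalate a parent that completes the whole inhibit-recovery chain."""
    return {
        parent: ("inhibit_system_recovery_chain" if labels == INHIBIT_RECOVERY else "partial")
        for parent, labels in hits.items()
    }


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for parent, labels in found.items():
        print(parent, sorted(labels), verdict(found)[parent])
```

Grouping by parent image rather than alerting per command is what separates a ransomware run from an administrator cleaning up old shadow copies: a single deletion is noisy, all three from one non-system parent is not.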
