Resubmissions

14-01-2025 13:50

250114-q5l6bs1qhp 10

13-01-2025 02:34

250113-c2mqss1qcs 10

General

  • Target

    2025-01-13_f486b46ddbd248c5182799957e6f469b_chaos_destroyer_wannacry

  • Size

    22KB

  • Sample

    250113-c2mqss1qcs

  • MD5

    f486b46ddbd248c5182799957e6f469b

  • SHA1

    2a58267aa820634e8ec5c395f797dc612ae267d4

  • SHA256

    82292c97320930e05de815d6d6ecd6e62f5dca9bdfbf8c4f700cbdc8318daea2

  • SHA512

    9e24a7c94b4c795d56f6ec17f3c21d364bd6e134b6480a6dd751e09fe5e358c32a33027005c1b0a95f98330824176e095a663077a972239658863339d24e61a4

  • SSDEEP

    384:G3MLWHn3kIxfrD5SWPpO+sBIgOk+JFr91Czr4PeC:qn3kIOWPpDOiFr9ikeC

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\read_it.txt

Ransom Note
Your computer was locked
All of your files have been encrypted

Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.

What can I do to get my files back?
You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer. The price for the software depends. Payment can be made in Bitcoin only.

How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these site to be fast and reliable: coinbase.com

Message @lulzed on telegram for more information
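The hashes in the General section and the note path and text in the extracted config are the static indicators this report gives you. The following is an added example (not code from the report or from the Triage service) that turns them into a check you can run over a suspect file: it computes all four digests in a single streaming pass and compares them against the report's values, and it flags candidate ransom notes by filename and by a handful of short phrases lifted from the note above. The phrase list, the marker threshold and the sample inputs in the test are my own constructed choices, not part of the report.

```python
import hashlib
import os
import re
import tempfile

# Digests copied from the report's General section (all for the same 22 KB file).
IOC_HASHES = {
    "md5": "f486b46ddbd248c5182799957e6f469b",
    "sha1": "2a58267aa820634e8ec5c395f797dc612ae267d4",
    "sha256": "82292c97320930e05de815d6d6ecd6e62f5dca9bdfbf8c4f700cbdc8318daea2",
    "sha512": "9e24a7c94b4c795d56f6ec17f3c21d364bd6e134b6480a6dd751e09fe5e358c32a33027005c1b0a95f98330824176e095a663077a972239658863339d24e61a4",
}

# Note filename from the extracted config. The phrases are short fragments of the
# note text chosen here (assumption) so that minor rewording does not evade them.
NOTE_FILENAME = "read_it.txt"
NOTE_MARKERS = [
    r"your computer was locked",
    r"special decryption software",
    r"payment can be made in bitcoin only",
    r"@lulzed on telegram",
]


def _new_hashers():
    return {name: hashlib.new(name) for name in IOC_HASHES}


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 hex digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests, but streamed so large files never have to fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: dict, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms whose digest equals the IOC value (empty = no match).
    Comparison is case-insensitive because feeds disagree on hex case."""
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def note_score(text: str) -> int:
    """Number of ransom-note marker phrases present in the text."""
    lowered = text.lower()
    return sum(1 for marker in NOTE_MARKERS if re.search(marker, lowered))


def _basename(path: str) -> str:
    # Accept both Windows and POSIX separators regardless of the host we run on.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_ransom_note(path: str, text: str, min_markers: int = 2) -> bool:
    """Flag a file when it carries enough marker phrases on its own, or when it has
    the known note name and at least one phrase (the name alone is too generic)."""
    score = note_score(text)
    return score >= min_markers or (_basename(path) == NOTE_FILENAME and score >= 1)


def verify_streaming(data: bytes) -> bool:
    """Self-check: streamed hashing of a temp file must agree with hash_bytes()."""
    fd, tmp = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        # Tiny chunk size forces many update() calls so the streaming path is exercised.
        return hash_file(tmp, chunk_size=7) == hash_bytes(data)
    finally:
        os.unlink(tmp)


if __name__ == "__main__":
    import sys
    for candidate in sys.argv[1:]:
        hit = matching_hashes(hash_file(candidate))
        print(candidate, "MATCH" if hit else "no match", hit)
```

Run it as `python check_iocs.py <file>...` to compare files against the report's digests. Matching on several algorithms at once is deliberate: a single MD5 collision-resistant match is not the point, but a feed that only carries one digest type will still produce a hit on that one.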

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

  • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

  • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and similar profile contents.

    • Drops desktop.ini file(s)
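The behavioural signatures above (ransom note dropped, startup file dropped, dropped EXE executed, locale lookup in the registry, browser profile data read, desktop.ini files written) are what the sandbox observed; on a host or in an EDR pipeline the same behaviours have to be recovered from event logs. The following is an added example (not the sandbox's own signature logic) that expresses each signature as a rule over a generic, constructed event stream and adds the one correlation the page implies but does not spell out: an executable is "dropped and executed" only when the process that created it is later seen launching it. The event shape, the file paths (including the Startup folder, the `Control Panel\International` registry location and the Chrome `Login Data` file), the weights and the threshold are all my own assumptions for illustration, not data from the report.

```python
import re

# Constructed events in a generic (event_type, target) shape; this is NOT the
# sandbox's real log format. Paths are hypothetical and chosen to exercise each rule.
SAMPLE_EVENTS = [
    ("FileCreate",    r"C:\Users\Admin\AppData\Roaming\svchost.exe"),
    ("ProcessCreate", r"C:\Users\Admin\AppData\Roaming\svchost.exe"),
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("FileCreate",    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url"),
    ("FileCreate",    r"C:\Users\Admin\Desktop\read_it.txt"),
    ("FileCreate",    r"C:\Users\Admin\Desktop\desktop.ini"),
    ("FileRead",      r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]

# A benign-looking trace: an office application touching its own files and settings.
BENIGN_EVENTS = [
    ("FileCreate",    r"C:\Users\Admin\Documents\report.docx"),
    ("FileCreate",    r"C:\Users\Admin\Documents\desktop.ini"),
    ("RegQueryValue", r"HKCU\Software\Microsoft\Office\16.0\Word"),
]

# One rule per signature on the page: (name, weight, event type, path regex).
# desktop.ini writes are common in normal activity, hence the low weight.
RULES = [
    ("ransom_note_dropped",  4, "FileCreate",    r"\\Desktop\\read_it\.txt$"),
    ("startup_file_dropped", 3, "FileCreate",    r"\\Start Menu\\Programs\\Startup\\"),
    ("locale_lookup",        1, "RegQueryValue", r"\\Control Panel\\International\\"),
    ("browser_profile_read", 2, "FileRead",      r"\\(Google\\Chrome|Mozilla\\Firefox)\\"),
    ("desktop_ini_dropped",  1, "FileCreate",    r"\\desktop\.ini$"),
]


def evaluate(events) -> dict:
    """Map signature name -> weight for every rule that fired on this trace."""
    hits = {}
    dropped_exes = set()  # executables written by this trace, for the correlation below
    for event_type, target in events:
        for name, weight, rule_type, pattern in RULES:
            if event_type == rule_type and re.search(pattern, target, re.IGNORECASE):
                hits[name] = weight
        lowered = target.lower()
        if event_type == "FileCreate" and lowered.endswith(".exe"):
            dropped_exes.add(lowered)
        # "Executes dropped EXE": only fires if the binary was written earlier in the
        # same trace, so launching a pre-existing program does not count.
        if event_type == "ProcessCreate" and lowered in dropped_exes:
            hits["executes_dropped_exe"] = 3
    return hits


def verdict(events, threshold: int = 6) -> dict:
    """Aggregate rule hits into a score and a flag; the threshold is an assumption."""
    hits = evaluate(events)
    score = sum(hits.values())
    return {"score": score, "signatures": sorted(hits), "flag": score >= threshold}


if __name__ == "__main__":
    print("sample:", verdict(SAMPLE_EVENTS))
    print("benign:", verdict(BENIGN_EVENTS))
```

The ordering dependency in `evaluate()` is the part worth copying: a ProcessCreate for a path that was never written in the trace is not "executing a dropped EXE", and treating it as such is a common source of false positives when these signatures are ported out of a sandbox, where every file the sample touches is new by construction.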

MITRE ATT&CK Enterprise v15

Tasks