chimera | 6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...8.html

windows10-ltsc 2021-x64

Resubmissions

28-01-2025 16:58

250128-vg68tavpgw 3

28-01-2025 16:28

250128-tys7vavjd1 5

27-01-2025 16:24

250127-twh9vsxjhy 6

27-01-2025 16:23

250127-tvw5bsxpcl 1

27-01-2025 16:22

250127-tt83haxjcx 1

27-01-2025 16:16

250127-tqthmswqgx 8

27-01-2025 02:40

250127-c5ymgaxndr 10

25-01-2025 04:07

250125-epynmsvndw 4

24-01-2025 16:04

250124-th4cwawmhv 3

22-01-2025 22:00

250122-1wz1yayncr 3

Sharing

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818
Size

25KB
Sample

250113-vfc9casjcj
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

10^/10

chimera discovery persistence ransomware upx

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html

Resource

win10ltsc2021-20250113-en

chimera discovery persistence ransomware upx

windows10-ltsc 2021-x64

27 signatures

900 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_1d93e8597dd860cf81cd913c4b997818
- Size
  
  25KB
- MD5
  
  1d93e8597dd860cf81cd913c4b997818
- SHA1
  
  a7dacf6a32b194720a87130a16f2222c44f036eb
- SHA256
  
  6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
- SHA512
  
  c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
- SSDEEP
  
  384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ
Score

10^/10

chimera discovery persistence ransomware upx
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Chimera family
  chimera
- Renames multiple (3294) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chimeradiscoverypersistenceransomwareupx

© 2018-2025

Terms | Privacy