chaos | 1c46cde332afed277986eaae2d50dc288ecd052735235b35962adb21202bb354 | Triage

Submit
Reports

Overview

overview

Static

static

ransomware...TE.exe

windows7-x64

ransomware...TE.exe

windows10-2004-x64

Sharing

General

Target

ransomwareDONOTEXECUTE.exe
Size

248KB
Sample

250114-q489ga1qgp
MD5

fe3ac4694dfe15762f09f902f1bf5fd3
SHA1

a3ee731f0e44167c63429f776b30ed1c38204e92
SHA256

1c46cde332afed277986eaae2d50dc288ecd052735235b35962adb21202bb354
SHA512

0669f7328281de827a2bc975f174a985e6b4fbbc4b0cf599b6fea29f92d4633d6c7285049f9c52d39706282a5c1a3c34f2b1fd21e8515ef7fe2dd7a8711045ee
SSDEEP

1536:Oo2ylT90mr9xV46YE63xzqPTosYCXb2CmVjstPYDkuH:OotB90mr9xV41E6lOomaRg2Dk

Score

10^/10

chaos ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ransomwareDONOTEXECUTE.exe

Resource

win7-20240729-en

chaos ransomware spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ransomwareDONOTEXECUTE.exe

Resource

win10v2004-20241007-en

chaos ransomware spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ransomwareDONOTEXECUTE.exe
- Size
  
  248KB
- MD5
  
  fe3ac4694dfe15762f09f902f1bf5fd3
- SHA1
  
  a3ee731f0e44167c63429f776b30ed1c38204e92
- SHA256
  
  1c46cde332afed277986eaae2d50dc288ecd052735235b35962adb21202bb354
- SHA512
  
  0669f7328281de827a2bc975f174a985e6b4fbbc4b0cf599b6fea29f92d4633d6c7285049f9c52d39706282a5c1a3c34f2b1fd21e8515ef7fe2dd7a8711045ee
- SSDEEP
  
  1536:Oo2ylT90mr9xV46YE63xzqPTosYCXb2CmVjstPYDkuH:OotB90mr9xV41E6lOomaRg2Dk
Score

10^/10

chaos ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Renames multiple (222) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

chaosransomwarespywarestealer

behavioral2

chaosransomwarespywarestealer

© 2018-2025

Terms | Privacy