General
-
Target
N3OR4NS0M.exe
-
Size
117KB
-
Sample
250218-b3kgdsvqgs
-
MD5
0772d9df47836609fbfdd95ce144b683
-
SHA1
2cfe3bebd9c1eda6f8478dd6f8271b42ddcba7c6
-
SHA256
25fba19a79ca6ef0c1f8b092c8f6e0cb4ac91239089b2764f73bf59c29a544ef
-
SHA512
86631a262c35324091fdbbffc5499b60b69d37b41496bd8b52fe85355c97ca07f6005e02eef4244622b4dd7659c9effa560e5ca3afb4f0f98ed2d3af6b062b86
-
SSDEEP
3072:1oyESEKr9zTg9RUa2WgSEBYBEHgX0oz15WXf:XNr9zToN2WfNX0ozvq
Malware Config
Targets
-
-
Target
N3OR4NS0M.exe
-
Size
117KB
-
MD5
0772d9df47836609fbfdd95ce144b683
-
SHA1
2cfe3bebd9c1eda6f8478dd6f8271b42ddcba7c6
-
SHA256
25fba19a79ca6ef0c1f8b092c8f6e0cb4ac91239089b2764f73bf59c29a544ef
-
SHA512
86631a262c35324091fdbbffc5499b60b69d37b41496bd8b52fe85355c97ca07f6005e02eef4244622b4dd7659c9effa560e5ca3afb4f0f98ed2d3af6b062b86
-
SSDEEP
3072:1oyESEKr9zTg9RUa2WgSEBYBEHgX0oz15WXf:XNr9zToN2WfNX0ozvq
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Chaos family
-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
Hawkeye family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (229) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1