chaos | 11e9ca6ae7a3b1c85bfe6bae292cb60bdff4c67c0245bbf0a54cd90832ce3a05 | Triage

Submit
Reports

Overview

overview

Static

static

1

Trojan.Ran...0M.zip

windows7-x64

Sharing

General

Target

Trojan.Ransom.N3OR4NS0M.zip
Size

55KB
Sample

250218-bz272avqew
MD5

9a17e2a345dec5c2059ba68e8e2f3f7e
SHA1

885f1ec279ec3c9d368d7fc725784be16940896e
SHA256

11e9ca6ae7a3b1c85bfe6bae292cb60bdff4c67c0245bbf0a54cd90832ce3a05
SHA512

982c5a1437630fe6a09aa05cec89b87dca5f721677cafb280e8be0e4eb473e1fffc7e1d933605e22d4ce37fca42a65ca26cc55d1004ee8e5f2819d2124519b31
SSDEEP

1536:+6UyC7Q1Q8gsbFXq//7vBTH0AE1vQzXUCH:+yC7McPbBjW+tH

Score

10^/10

chaos hawkeye defense_evasion execution impact keylogger ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Trojan.Ransom.N3OR4NS0M.zip

Resource

win7-20241010-en

chaos hawkeye defense_evasion execution impact keylogger ransomware spyware stealer trojan

windows7-x64

18 signatures

900 seconds

Malware Config

Targets

- Target
  
  Trojan.Ransom.N3OR4NS0M.zip
- Size
  
  55KB
- MD5
  
  9a17e2a345dec5c2059ba68e8e2f3f7e
- SHA1
  
  885f1ec279ec3c9d368d7fc725784be16940896e
- SHA256
  
  11e9ca6ae7a3b1c85bfe6bae292cb60bdff4c67c0245bbf0a54cd90832ce3a05
- SHA512
  
  982c5a1437630fe6a09aa05cec89b87dca5f721677cafb280e8be0e4eb473e1fffc7e1d933605e22d4ce37fca42a65ca26cc55d1004ee8e5f2819d2124519b31
- SSDEEP
  
  1536:+6UyC7Q1Q8gsbFXq//7vBTH0AE1vQzXUCH:+yC7McPbBjW+tH
Score

10^/10

chaos hawkeye defense_evasion execution impact keylogger ransomware spyware stealer trojan
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (238) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaoshawkeyedefense_evasionexecutionimpactkeyloggerransomwarespywarestealertrojan

© 2018-2025

Terms | Privacy