chaos | 41dc37e9a04507ff7f42b3fef05dac411c28b2016779461c5405b219d44527ca | Triage

Submit
Reports

Overview

overview

Static

static

2025-02-23...ry.exe

windows7-x64

2025-02-23...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-02-23_58647f59cddd222604d96d41f3e09e5b_wannacry
Size

574KB
Sample

250223-w2j5fswkv8
MD5

58647f59cddd222604d96d41f3e09e5b
SHA1

f8adc427de6c3eb4d271a0f72d07fd8e193793ba
SHA256

41dc37e9a04507ff7f42b3fef05dac411c28b2016779461c5405b219d44527ca
SHA512

eb0df23fdddcdb7adc625730fae0793fb9b610157589a2d8502e8bcd2bb280ccb7dffd50e5c68a146a353d7fe171f8bd37dc9e838d9f17d251dd4b9d26abbf80
SSDEEP

12288:YFghl4t7gdFiKhZgiUxheMYKlApW7Vq2NAhLpq5lZc1D:YF0ZniBsvVdd1

Score

10^/10

chaos discovery ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-02-23_58647f59cddd222604d96d41f3e09e5b_wannacry.exe

Resource

win7-20240903-en

chaos discovery ransomware spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-23_58647f59cddd222604d96d41f3e09e5b_wannacry.exe

Resource

win10v2004-20250217-en

chaos ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-23_58647f59cddd222604d96d41f3e09e5b_wannacry
- Size
  
  574KB
- MD5
  
  58647f59cddd222604d96d41f3e09e5b
- SHA1
  
  f8adc427de6c3eb4d271a0f72d07fd8e193793ba
- SHA256
  
  41dc37e9a04507ff7f42b3fef05dac411c28b2016779461c5405b219d44527ca
- SHA512
  
  eb0df23fdddcdb7adc625730fae0793fb9b610157589a2d8502e8bcd2bb280ccb7dffd50e5c68a146a353d7fe171f8bd37dc9e838d9f17d251dd4b9d26abbf80
- SSDEEP
  
  12288:YFghl4t7gdFiKhZgiUxheMYKlApW7Vq2NAhLpq5lZc1D:YF0ZniBsvVdd1
Score

10^/10

chaos discovery ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

chaosdiscoveryransomwarespywarestealer

behavioral2

chaosransomwarespywarestealer

© 2018-2025

Terms | Privacy