Resubmissions

12/03/2025, 21:38

250312-1g2k8atybt 10

09/03/2025, 00:43

250309-a3c7mswkz5 10

09/03/2025, 00:40

250309-a1jxeawvbx 10

General

  • Target

    Trojan.Ransom.Chimera.zip

  • Size

    128KB

  • Sample

    250312-1g2k8atybt

  • MD5

    516c7e4d553b8a32856b5c4fc2e7519d

  • SHA1

    ca20c227b31eacec40c9a2935a0f5921f3d4e1b7

  • SHA256

    c577e52acd51c63f1313eadd17580a9d89995e6a9713d40d390e40dc2d7da404

  • SHA512

    ad2a5356a0d9faf7cac215a2bdd44cba0fde89e5ad4f887389db7f8576a7829595e61d81d485597fa3dbdfaaa6190be291087166d9eadf7e1855a73fbdc6cb16

  • SSDEEP

    3072:z6rHehPZGIQFIbdqrVKKLaF8eL3SqLjPn4RT:+qhPZGIkIbdS8K2T2q/Qh

Malware Config

Targets

    • Target

      Trojan.Ransom.Chimera.zip

    • Size

      128KB

    • MD5

      516c7e4d553b8a32856b5c4fc2e7519d

    • SHA1

      ca20c227b31eacec40c9a2935a0f5921f3d4e1b7

    • SHA256

      c577e52acd51c63f1313eadd17580a9d89995e6a9713d40d390e40dc2d7da404

    • SHA512

      ad2a5356a0d9faf7cac215a2bdd44cba0fde89e5ad4f887389db7f8576a7829595e61d81d485597fa3dbdfaaa6190be291087166d9eadf7e1855a73fbdc6cb16

    • SSDEEP

      3072:z6rHehPZGIQFIbdqrVKKLaF8eL3SqLjPn4RT:+qhPZGIkIbdS8K2T2q/Qh

    • Chimera

      Ransomware which infects local and network files, often distributed via Dropbox links.

    • Chimera Ransomware Loader DLL

      Drops/unpacks executable file which resembles Chimera's Loader.dll.

    • Chimera family

    • Renames multiple (3285) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks