General
-
Target
Trojan.Ransom.Chimera.zip
-
Size
128KB
-
Sample
250312-1g2k8atybt
-
MD5
516c7e4d553b8a32856b5c4fc2e7519d
-
SHA1
ca20c227b31eacec40c9a2935a0f5921f3d4e1b7
-
SHA256
c577e52acd51c63f1313eadd17580a9d89995e6a9713d40d390e40dc2d7da404
-
SHA512
ad2a5356a0d9faf7cac215a2bdd44cba0fde89e5ad4f887389db7f8576a7829595e61d81d485597fa3dbdfaaa6190be291087166d9eadf7e1855a73fbdc6cb16
-
SSDEEP
3072:z6rHehPZGIQFIbdqrVKKLaF8eL3SqLjPn4RT:+qhPZGIkIbdS8K2T2q/Qh
Malware Config
Targets
-
-
Target
Trojan.Ransom.Chimera.zip
-
Size
128KB
-
MD5
516c7e4d553b8a32856b5c4fc2e7519d
-
SHA1
ca20c227b31eacec40c9a2935a0f5921f3d4e1b7
-
SHA256
c577e52acd51c63f1313eadd17580a9d89995e6a9713d40d390e40dc2d7da404
-
SHA512
ad2a5356a0d9faf7cac215a2bdd44cba0fde89e5ad4f887389db7f8576a7829595e61d81d485597fa3dbdfaaa6190be291087166d9eadf7e1855a73fbdc6cb16
-
SSDEEP
3072:z6rHehPZGIQFIbdqrVKKLaF8eL3SqLjPn4RT:+qhPZGIkIbdS8K2T2q/Qh
Score10/10-
Chimera
Ransomware which infects local and network files, often distributed via Dropbox links.
-
Chimera Ransomware Loader DLL
Drops/unpacks executable file which resembles Chimera's Loader.dll.
-
Chimera family
-
Renames multiple (3285) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1