Resubmissions

15/03/2025, 21:21

250315-z7k6gstvfx 1

15/03/2025, 21:16

250315-z4rh4atvcz 10

15/03/2025, 20:53

250315-zpj6gaszfx 8

General

  • Target: whoisthisugly's RAT set.rar
  • Size: 187.1MB
  • Sample: 250315-z4rh4atvcz
  • MD5: c69fc756e1e907f9f5fb9fdf941d72ca
  • SHA1: f8ca9861130e99f627342b252153f08ce04e134b
  • SHA256: c866056155f15ef43598ffdfc6d0bc5dd8f2f13b6c07f489c29feb9dbf6287b7
  • SHA512: 2bc0bf3238b5e6dfdf85a717f27af428decc358b0125416e1681bd3b34e507665f23571578c6389733752a12d61cb96ad420a026a7a8a37924330f54ab711050
  • SSDEEP: 3145728:lUGO4i23z+ikexr5TwvjrBZWGmc7gbFtTmrAQeLKc39BYKmtQPPNtuKK1HYL56yV:lUN4i2D7kA+fKVRbFtkAb+c9BYKQut7j

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks