General
Target: fix (1).bat
Size: 15KB
Sample: 250316-2cgkxs1xbv
MD5: f540b2db2d36695bc8b6655e15064e81
SHA1: 28bfa4b51ec5801926d72674f88ca84274ad7bbe
SHA256: 75737ef525de64554b57b925ce200912900a171d7cd20bf3480a3f636a99e547
SHA512: d02ad7dea623a9652e2158eb651d12681ba484e2209aedcb9545bf0cc4c47bbad04654cb97aa2a968cca2b90549d017549a24cae1c70297f13f9780314f1c2a8
SSDEEP: 384:A0I4GfU0vhYpSCZ/u8OdkVvaOEPjBvaOM2zLewYBvas2vEewbIQBblvAOUPod9tM:A0I4GfU0vOpSCZ/u8OdkVvaOEPjBvaOf

Static task: static1
Behavioral task: behavioral1
Sample: fix (1).bat
Resource: win11-20250313-en
Malware Config
-

Targets
Target: fix (1).bat
Size: 15KB
MD5: f540b2db2d36695bc8b6655e15064e81
SHA1: 28bfa4b51ec5801926d72674f88ca84274ad7bbe
SHA256: 75737ef525de64554b57b925ce200912900a171d7cd20bf3480a3f636a99e547
SHA512: d02ad7dea623a9652e2158eb651d12681ba484e2209aedcb9545bf0cc4c47bbad04654cb97aa2a968cca2b90549d017549a24cae1c70297f13f9780314f1c2a8
SSDEEP: 384:A0I4GfU0vhYpSCZ/u8OdkVvaOEPjBvaOM2zLewYBvas2vEewbIQBblvAOUPod9tM:A0I4GfU0vOpSCZ/u8OdkVvaOEPjBvaOf
Signatures
- Chaos Ransomware
- Chaos family
- StormKitty payload
- StormKitty family
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Blocklisted process makes network request
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (number of matching events in parentheses)

Execution
- Command and Scripting Interpreter (2)
  - PowerShell (1)
- Windows Management Instrumentation (1)

Defense Evasion
- Direct Volume Access (1)
- Hide Artifacts (1)
  - Ignore Process Interrupts (1)
- Indicator Removal (3)
  - File Deletion (3)
- Modify Registry (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)