General
Target: fixer.bat
Size: 15KB
Sample: 250317-a4pxtsxrw3
MD5: c401f4c27b32b9b3077b73dfb33b14f0
SHA1: 1e4fd86651bff73182ca31337d3db2a1095c4116
SHA256: 5024054fa2aba0e4e75d6a08c11a58d9c58e500b2295f1325884d1f5404e6dec
SHA512: dd7bc542947d2e2a94e6ca4c6ab4cbc60e9f19f56d08c692743680e26ec62395e6c0c32e091c6e2f882f82c9f1a4e86c5b26f82fad2f05d0f5571b1dca5ab79d
SSDEEP: 384:0B8bpEeo0BVJRcDr4ligg9FllFlMSgxBUXXBcN+P:06bpEeo0PJRSrQiDLl1MtxCXXGN+P
Static task: static1
Behavioral task: behavioral1
  Sample: fixer.bat
  Resource: win11-20250314-en
Malware Config
Targets
- Chaos Ransomware
- Chaos family
- StormKitty payload
- Stormkitty family
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Blocklisted process makes network request
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Execution
  Command and Scripting Interpreter (2)
    PowerShell (1)
  Windows Management Instrumentation (1)
Defense Evasion
  Direct Volume Access (1)
  Hide Artifacts (1)
    Ignore Process Interrupts (1)
  Indicator Removal (3)
    File Deletion (3)
  Modify Registry (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)