Analysis
max time kernel: 149s
max time network: 104s
platform: windows11-21h2_x64
resource: win11-20250313-en
resource tags: arch:x64, arch:x86, image:win11-20250313-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 20/03/2025, 17:40
Behavioral task: behavioral1
Sample: BloodEagle Ransomware Builder.exe
Resource: win11-20250313-en
5 signatures, 150 seconds
General
Target: BloodEagle Ransomware Builder.exe
Size: 683KB
MD5: bd74ac3a184b41087eaffe1c4e5575f1
SHA1: dcf0cc5cf9d633f398bda7821bb04b89ac60870d
SHA256: 87675dc68eac28c09af5658389267f7160d34865aaa4d2abaf4f127432333bcc
SHA512: bed0db9ed78e0459b151849b6c04ed626a664b6779fdce3b5ccdced5dc06c2eea208b08dc1cf153a6781587c45fba3d92a8f5a27952c58fcace27330a75d9526
SSDEEP: 3072:hL6xoPurnfsj7A0H7GMgXuD//bFLAkC3IGYWEyNakhm5Zt1HrTM/rFLjZkJ:8kj0aGMVFLQJPJUEFL2
Score: 10/10
Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.

Chaos Ransomware (1 IoC)
resource | yara_rule
behavioral1/memory/4608-1-0x0000000000050000-0x0000000000100000-memory.dmp | family_chaos

Chaos family

Suspicious behavior: EnumeratesProcesses (17 IoCs)
pid | Process
4608 | BloodEagle Ransomware Builder.exe (this row is repeated 17 times in the report)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 4608 | BloodEagle Ransomware Builder.exe