Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    cfd5d9a4e67799f2428c6071dcc13fcf726f49ec3e706f0302b4592a3a0a08f0.exe

  • Size

    68KB

  • MD5

    5de719d56f38039bb9c915d689a5a4da

  • SHA1

    f46d4ed9851b0980d5a9139defd456a58c6aaaaa

  • SHA256

    cfd5d9a4e67799f2428c6071dcc13fcf726f49ec3e706f0302b4592a3a0a08f0

  • SHA512

    48756ac79f23cb26620ff135fe93a87768cf9a02b941ade68e3e27981adc8431f76d58aa057525de88742c7ec900b4ea02c52abb3889cd176a3ae14e956dc678

  • SSDEEP

    768:oY53/zkfCQxmGgV5YlpJ6RIDWeRdppvO/9rjca9nsUKhK:B/z5Qxd6m3WIw9MhK

  Score

  1^/10
  behavioral1behavioral2behavioral3behavioral4behavioral5

• • Target

    da6f543313480695aab95a5e685741a8d185fba0600363f74063eb1cda0f672e.exe

  • Size

    117KB

  • MD5

    bca754bd6e7b4c7b23e17d0244e425d0

  • SHA1

    257cef8651509e1e33d95b07d5a7b07fcf1f6f4f

  • SHA256

    da6f543313480695aab95a5e685741a8d185fba0600363f74063eb1cda0f672e

  • SHA512

    02cab68478ad9b3c14336d2178a642d27b7ca3af6beb9ecfbddd8f6c5641164d0728df9821e5c59385831cb63178e7837670f779b81a66e079ada5cb66eac7d4

  • SSDEEP

    3072:xd5BJOoMqqDL2/OvvdHv3uqz3++OAYWgO:xdJODqqDL6gvdHveqi+GWgO

  Score

  6^/10

  discoverypersistence

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral10behavioral6behavioral7behavioral8behavioral9

• • Target

    e05323d9ca6df47d9add5b2f757ea2490ebd11dfe1b56b82a9e93ba9d814e162.exe

  • Size

    195KB

  • MD5

    ed9150c61fd66757f5dc1357c1384617

  • SHA1

    220466f711e96f202c107d4ed05ffe837c1099a3

  • SHA256

    e05323d9ca6df47d9add5b2f757ea2490ebd11dfe1b56b82a9e93ba9d814e162

  • SHA512

    4690335470be0512010db4b4ffde42043602fdff9587ecc930fbbcec694bf934e7c140ccdec4e8c7aa3d1aff97940ee4c75ba27a71ee29a3c3fc5cf873154fd4

  • SSDEEP

    3072:Jquj3THroBGHnTKslI0rjxHTgLcbE/6i6e1eXC/T9CJg29LV4q9/:B3THkBGHTKLMtHTd4/UbXUT9X2rP9

  Score

  3^/10

  discovery
  behavioral11behavioral12behavioral13behavioral14behavioral15

• • Target

    e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14.exe

  • Size

    137KB

  • MD5

    9b02b542834573f9502ca83719a73a01

  • SHA1

    f3bc7cf16eec977772455f3fce87fed505fb18e3

  • SHA256

    e48bd2f16b53a3630f3fca69d0d236d15bc23b08754d980bd29b15841b0fdf14

  • SHA512

    290c7a5bfc921817d1803ddbe8dd07210301082498945bcabdb597368f92c6fc1050cefec514e6d250571cb4afd6427d8e4ab7cd15d7a46a44cb088cd4d1b031

  • SSDEEP

    3072:Eoy7AHYqr9ACDYVbu4sijUtSWnFA22WnVaxs2gzx+IjBz2:0mr9AHVycjUgWnFAGms2gzoch

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Renames multiple (199) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral16behavioral17behavioral18behavioral19behavioral20

• • Target

    ecfb5c95d0f3d112650ef4047936e8fa5244c21c921f6c7a6963e92abab4949d.exe

  • Size

    52KB

  • MD5

    ba9210de03de945901f02792f7994871

  • SHA1

    20c4569cbb6f2650b02f6a5257faa8a8dfb298bd

  • SHA256

    ecfb5c95d0f3d112650ef4047936e8fa5244c21c921f6c7a6963e92abab4949d

  • SHA512

    277d26eea627b3da26664aaa4f72a7b79cd50311e45c59333563b4f58b76e6562cbaa1d55127c69d0830864721efa890fa824e1be381cca5e84bddc98f2b44d0

  • SSDEEP

    1536:EJJRZQJes5b0k5bbyu6hXOKJrkH6sNNW:oJRa4kLmNVOKJIasNE

  Score

  10^/10

  defense_evasiondiscoveryevasionexecutionimpactpersistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral21behavioral22behavioral23behavioral24behavioral25

• • Target

    f08c1c26d375f6881990756e39208017b02af75fca0ebddb72f5e5c14e20363f.exe

  • Size

    70KB

  • MD5

    4784fae86332064057d0ab8b73a1b67e

  • SHA1

    f38b61a64119b8b1c2562ca8a6416a2b0c7528b8

  • SHA256

    f08c1c26d375f6881990756e39208017b02af75fca0ebddb72f5e5c14e20363f

  • SHA512

    62312d637d0feda0f565841274ecff5f07cfada08d7a899d68deb314f52d9d5e64733ba6a8fae7b979625b0302e9f270419cf1801239cf597c5af19b47aaf686

  • SSDEEP

    1536:1ZZZZZZZZZZZZpXzzzzzzzzzzzzADypczUk+lkZJngWMqqU+2bbbAV2/S2OvvdZl:kd5BJHMqqDL2/Ovvdr

  Score

  6^/10

  discoverypersistence

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral26behavioral27behavioral28behavioral29behavioral30