chaos | 668fc09af59e50f9df62732d13f4d3e163d92f2589d5d2028d9fbd654544b095 | Triage

Sharing

General

Target

ggks8BOYJvu5Z0t.exe
Size

1.3MB
Sample

250402-vqsf1stkv7
MD5

411906e2a8126c0d101eb899e68f6bb7
SHA1

d97132652d249a0c2a32ccaf3a5e0e1f8a97df37
SHA256

668fc09af59e50f9df62732d13f4d3e163d92f2589d5d2028d9fbd654544b095
SHA512

b4aa133296ce31e068daa75d0bd2b966bdfd843eea79b7f643203757e5d3aba5130fce5be94e8bb740a42d2638cb068217ed95568aef58f7ed59635502f52a41
SSDEEP

24576:7fM5LqgwlU6N3Og9tMm50m6+KvoaN6Fq63/3yao+DnlijaHto/d1WRKQXCQrQeDf:rM5vwC6RrMm50m6+Kwo3PHk9o

Score

10^/10

chaos defense_evasion discovery execution impact persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  ggks8BOYJvu5Z0t.exe
- Size
  
  1.3MB
- MD5
  
  411906e2a8126c0d101eb899e68f6bb7
- SHA1
  
  d97132652d249a0c2a32ccaf3a5e0e1f8a97df37
- SHA256
  
  668fc09af59e50f9df62732d13f4d3e163d92f2589d5d2028d9fbd654544b095
- SHA512
  
  b4aa133296ce31e068daa75d0bd2b966bdfd843eea79b7f643203757e5d3aba5130fce5be94e8bb740a42d2638cb068217ed95568aef58f7ed59635502f52a41
- SSDEEP
  
  24576:7fM5LqgwlU6N3Og9tMm50m6+KvoaN6Fq63/3yao+DnlijaHto/d1WRKQXCQrQeDf:rM5vwC6RrMm50m6+Kwo3PHk9o
Score

10^/10

chaos defense_evasion discovery execution impact persistence ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Disables Task Manager via registry modification
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer