chaos | 11e508b38307c2ee091406449b78fc1e5cae7d48ac40e4fc3339cb31a4d52754 | Triage

Submit
Reports

Overview

overview

Static

static

Catto.exe

windows10-2004-x64

Sharing

General

Target

Catto.exe
Size

343KB
Sample

250404-1z52csvze1
MD5

8ed3ba6941919a0d9bb1cb5007476949
SHA1

95d3a559bb1842ec2b4c6f9d58ef0273f72740ff
SHA256

11e508b38307c2ee091406449b78fc1e5cae7d48ac40e4fc3339cb31a4d52754
SHA512

b1ad1f260c12f6642b54c787d05bf34456dcd7839f3b533583769b694adfe07006524511a2a09018f5c39e1fada17a373614837af2db5f3931eb7b3147e69f47
SSDEEP

3072:wCc9Km9m2n1ycrCcjtTzqP/Jf7R/9lmyAnMyYVO3zlN5xu2ZsRYHeQKkMjnXJ+Zi:Lc9picmax+JAn7Q8zlA+H+QxonXS

Score

10^/10

chaos ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Catto.exe

Resource

win10v2004-20250314-en

chaos ransomware spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Catto.exe
- Size
  
  343KB
- MD5
  
  8ed3ba6941919a0d9bb1cb5007476949
- SHA1
  
  95d3a559bb1842ec2b4c6f9d58ef0273f72740ff
- SHA256
  
  11e508b38307c2ee091406449b78fc1e5cae7d48ac40e4fc3339cb31a4d52754
- SHA512
  
  b1ad1f260c12f6642b54c787d05bf34456dcd7839f3b533583769b694adfe07006524511a2a09018f5c39e1fada17a373614837af2db5f3931eb7b3147e69f47
- SSDEEP
  
  3072:wCc9Km9m2n1ycrCcjtTzqP/Jf7R/9lmyAnMyYVO3zlN5xu2ZsRYHeQKkMjnXJ+Zi:Lc9picmax+JAn7Q8zlA+H+QxonXS
Score

10^/10

chaos ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Renames multiple (195) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

chaosransomwarespywarestealer

© 2018-2025

Terms | Privacy