chimera

General

Target

Glorp.exe
Size

28.2MB
Sample

250415-m68tyaw1bx
MD5

f7e236107f13e7ebb4171ecd6be3fc45
SHA1

69bee8d4328c771c62e039a4fac71cab6f7c1dea
SHA256

84f097b60f92ed039417665bd4eb9bd33eaf77890554e00adb4cd587de19b4ee
SHA512

afb310a936d3a95d504531d9b9253c0ca23b128fefe8be74bc94ee98e0aba2d1bdd239733bd4b87b1b926f899761e20f4d880815328b7cdd9c48c85feafdf553
SSDEEP

786432:dtC7QZ2YwUlJjXMb8vhPA5Mx7G92sqAD4ohONb:YQZ2mlBcghPymS9zqAL

Score

10^/10

Malware Config

Targets

- Target
  
  Glorp.exe
- Size
  
  28.2MB
- MD5
  
  f7e236107f13e7ebb4171ecd6be3fc45
- SHA1
  
  69bee8d4328c771c62e039a4fac71cab6f7c1dea
- SHA256
  
  84f097b60f92ed039417665bd4eb9bd33eaf77890554e00adb4cd587de19b4ee
- SHA512
  
  afb310a936d3a95d504531d9b9253c0ca23b128fefe8be74bc94ee98e0aba2d1bdd239733bd4b87b1b926f899761e20f4d880815328b7cdd9c48c85feafdf553
- SSDEEP
  
  786432:dtC7QZ2YwUlJjXMb8vhPA5Mx7G92sqAD4ohONb:YQZ2mlBcghPymS9zqAL
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  Bot.pyc
- Size
  
  10KB
- MD5
  
  6687be1cbccf9d9cc1c22b50b59ccd2f
- SHA1
  
  ad0a89b7c7c57b5c485878ef9e5bf8602917aab9
- SHA256
  
  ebcca5cc9d6e9daff6f3b0c547e44c07bc26d0fc28ea289806ab557ee4b5925f
- SHA512
  
  68268fcef45aef3f12af5971b107deeb79d441d864fd75d4ab00f03e6fe49b4d440fa0c30885c242348116d8e13f79cf87e80f1cc3fa84c4090fdbff8045d3ef
- SSDEEP
  
  192:fCVZG/7Z0eu9p/iC3P3upCpdkY2h5POEKe0:fCVZGd0B9p/93qTPlg
Score

10^/10

chimera defense_evasion discovery ransomware spyware stealer upx
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Chimera family
  chimera
- Renames multiple (3282) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2