General
-
Target
Atlantis-v1.2.2.zip
-
Size
908KB
-
Sample
250630-xt9ktaeq8s
-
MD5
c902e0bc36134c38e2feee9e463cbfa6
-
SHA1
828dec175d28f2440fdf8d32a1d617e8b9a03db4
-
SHA256
230868fb989ac9ec230bb57d6eb45fc9c0d0dbf0b196ef908d0d50f7b925c317
-
SHA512
7ad5874ea8eed1c0e937c77cc0f71e68b9c5d64b76455b0e8e7799e63b01e4d77b94a741ae74060fca758015a697550e0f9fb7632294f127d707a99bf6c65782
-
SSDEEP
24576:cuJHq3BUkmY0euY/NtzM5tpMP3FVRUblRk8gRgfYieB:jJKRzDJ/Ntw5LMP3F3UblRk8iy4
Behavioral task
behavioral1
Sample
Atlantis-v1.2.2/Atlantis/ATLANTIS.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
Atlantis-v1.2.2/Atlantis/Xeno.dll
Resource
win10v2004-20250610-en
Behavioral task
behavioral3
Sample
Atlantis-v1.2.2/Atlantis/XenoUI.exe
Resource
win10v2004-20250610-en
Behavioral task
behavioral4
Sample
Atlantis-v1.2.2/Atlantis/scripts/UNCCheckEnv.js
Resource
win10v2004-20250610-en
Malware Config
Targets
-
-
Target
Atlantis-v1.2.2/Atlantis/ATLANTIS.exe
-
Size
620KB
-
MD5
61da1647e7f34e4dd8a905b93481ee33
-
SHA1
c90af5aeb8ae8bdb46cdc9c790467bb839904b2c
-
SHA256
a4584e8d3ba22bb58576a5ee1f351bf69138018a0ae67a67fc0ecc35c5aec538
-
SHA512
195aabaab7b644950271daf888463b70bf7a2f6ebe1727fb4de27a5788bd5ba357edd63695622fcf1962a7d1c16ab49682a2bbd8293a4f47eab91f984651dea8
-
SSDEEP
3072:v7q9U1yq1yY1vvt1TEjDjuFGcenrb4F9wtD0u9x+LOwemyByS8J8HOGFTg5Yg2KN:v7q9XY1bMiFGnnr8FYj+LpeHxynyb
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
-
-
Target
Atlantis-v1.2.2/Atlantis/Xeno.dll
-
Size
1.7MB
-
MD5
0ea97b26abdc8b9878d22971a20ffbe4
-
SHA1
5bf520303dd261f04ede2c02d52cc541377b6b03
-
SHA256
0959b29dcba81755efaab5929a3e6967bf8a19d1fb43fc837ffcccd4899f2577
-
SHA512
e0d1777c88db1bde8d14931f3332748b523d20b47bc38473c593c80ca32296844a138c7892c5b34e0f5c292ccdac808a511e7af4f404fd165301c65a38a99190
-
SSDEEP
24576:hoW+oOOyKixKfplUaOn2rq8X1cM9QxcjYyctezgCQLHUKnM6fukqm0Q/KwAqJ+:hqxYAaOn2rq8kOgZnCk5MP
Score 1/10
-
-
Target
Atlantis-v1.2.2/Atlantis/XenoUI.dll
-
Size
94KB
-
MD5
b1dbed88a55dc8998bed6873ba5b3a0a
-
SHA1
59c19ed2866cc48871ee5f084e27b1c52c98ca0e
-
SHA256
fd86731eb19ef49080eba3b302b149b3ed2b7ac18dc925aec212de645cc95197
-
SHA512
85a6c08780621b31156c78a83f1e19c83119214569718651120c6dd68d0d8fe07a2760c10d847847cb2a774ef0100f6afcd6f9171b3d40e941bb23e82e23f3e5
-
SSDEEP
1536:oWhQl5fVuION9Dc/NAwlelv+zT8jq8DlL7NCbHWM/APHV5y6SlqW8S7:v4duON3tzT8jq8DlFj7Pby6SSS7
Score 1/10
-
-
Target
Atlantis-v1.2.2/Atlantis/scripts/UNCCheckEnv.lua
-
Size
28KB
-
MD5
b76726d10354343d9af5c268e40b47c4
-
SHA1
7103c78071be0c65c8b3a217168cf7909aef748e
-
SHA256
e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5
-
SHA512
5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb
-
SSDEEP
768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p
Score 3/10
MITRE ATT&CK Enterprise v16
Execution
Command and Scripting Interpreter: 2
JavaScript: 1
Windows Management Instrumentation: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Direct Volume Access: 1
Indicator Removal: 3
File Deletion: 3
Modify Registry: 2
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1