chaos | 0f3d700c95b21e5437c0aedb3cacd787ce6701c49180d8d564e4574dffc42190 | Triage

Submit
Reports

Overview

overview

Static

static

2023-02-03...ry.exe

windows7-x64

2023-02-03...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2023-02-03_2c6f8e680a400cb2b5426090ccbdea93_wannacry.exe
Size

1.9MB
Sample

230204-f4ckdsfh5z
MD5

2c6f8e680a400cb2b5426090ccbdea93
SHA1

47a691c438547b27fac9896f3783026d8be4dbe9
SHA256

0f3d700c95b21e5437c0aedb3cacd787ce6701c49180d8d564e4574dffc42190
SHA512

48a70440e4009c4ab2a913ee3b9dc24b73ab4413cc82f5e8194f1cca87ead356de1de90c461c9109afa5f690cb0c9365f49a5ea83f54b4ad97c4287346237f03
SSDEEP

24576:CSndG2iSNjN2w9Os9cRfO/d8mT6c6aVqwPhUMel84Mn:HfJqsgXmgyJPu

Score

10^/10

chaos evasion ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2023-02-03_2c6f8e680a400cb2b5426090ccbdea93_wannacry.exe

Resource

win7-20221111-en

chaos evasion ransomware spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-02-03_2c6f8e680a400cb2b5426090ccbdea93_wannacry.exe

Resource

win10v2004-20221111-en

chaos evasion ransomware spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-02-03_2c6f8e680a400cb2b5426090ccbdea93_wannacry.exe
- Size
  
  1.9MB
- MD5
  
  2c6f8e680a400cb2b5426090ccbdea93
- SHA1
  
  47a691c438547b27fac9896f3783026d8be4dbe9
- SHA256
  
  0f3d700c95b21e5437c0aedb3cacd787ce6701c49180d8d564e4574dffc42190
- SHA512
  
  48a70440e4009c4ab2a913ee3b9dc24b73ab4413cc82f5e8194f1cca87ead356de1de90c461c9109afa5f690cb0c9365f49a5ea83f54b4ad97c4287346237f03
- SSDEEP
  
  24576:CSndG2iSNjN2w9Os9cRfO/d8mT6c6aVqwPhUMel84Mn:HfJqsgXmgyJPu
Score

10^/10

chaos evasion ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

chaosevasionransomwarespywarestealer

behavioral2

chaosevasionransomwarespywarestealer

© 2018-2025

Terms | Privacy