Extracted

• • Target

    2023-03-04_4bd9a222a3b2172e0c6ac2524676336b_destroyer_wannacry.exe

  • Size

    22KB

  • MD5

    4bd9a222a3b2172e0c6ac2524676336b

  • SHA1

    6769d37c678cc4eb2fd54ca70ceb41c779dae747

  • SHA256

    b7a692f9deaa523f469e35779fb10925e2c74c04a556ec8e13026d8e2107900e

  • SHA512

    39a66caa93194fa28a1dba323c30605a36eb2436958e462c7192ee23ef3fef2f25f8dab370263a22e003937cfb9097c1ad000fe882cbee825d263379048c81eb

  • SSDEEP

    384:n3MLWHn3kI3WT4+BzhQXsQoZdtKXRuJkr91CzGb5rex:Tn3kIR+FhQN2fKXRykr9iGbBex

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2