General
-
Target
2023-03-04_72ea584eebe5705ea1fd5a02dbfe86a1_wannacry.exe
-
Size
458KB
-
Sample
230305-jzeezaga79
-
MD5
72ea584eebe5705ea1fd5a02dbfe86a1
-
SHA1
f6d6cdef7eb41e9c201ee52832036bd8a68d0e44
-
SHA256
ed12ea76d03b8255f361975cebd5c579491dacc60c52e03373e7bf509523820a
-
SHA512
e928592dd7061388957c3f1acc82dfd8e105de486e8cbd4835029f7d302f71dcdcb8d9dfd0b2a5b53fbd2679dcc6f8559487e1e5767d26431fc67348d1f4ab08
-
SSDEEP
12288:GJaHnpS22Yh6Nesa6rZvvihw61SLQkY5Pa1uLkB3gE88uY2:DpSosXaYhVZVMVm2
Malware Config
Targets
-
-
Target
2023-03-04_72ea584eebe5705ea1fd5a02dbfe86a1_wannacry.exe
-
Size
458KB
-
MD5
72ea584eebe5705ea1fd5a02dbfe86a1
-
SHA1
f6d6cdef7eb41e9c201ee52832036bd8a68d0e44
-
SHA256
ed12ea76d03b8255f361975cebd5c579491dacc60c52e03373e7bf509523820a
-
SHA512
e928592dd7061388957c3f1acc82dfd8e105de486e8cbd4835029f7d302f71dcdcb8d9dfd0b2a5b53fbd2679dcc6f8559487e1e5767d26431fc67348d1f4ab08
-
SSDEEP
12288:GJaHnpS22Yh6Nesa6rZvvihw61SLQkY5Pa1uLkB3gE88uY2:DpSosXaYhVZVMVm2
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-