General

  • Target

    db472ec2bee48bc9b193c57866906b79_wannacry_JC.exe

  • Size

    1.2MB

  • Sample

    230812-xbpgxsfg2t

  • MD5

    db472ec2bee48bc9b193c57866906b79

  • SHA1

    988fc9c4f56ca78d0efc3488b5370dfc8c254b34

  • SHA256

    294e42bee394684a687bb70bfd882e333533243e5001ba2056f34eebb44e241b

  • SHA512

    8be17540300b658fc55a35b4224804934feedc1e02ffc918ddd9a0d973c604a9a1d8b01c78bf1488be486483848d56e5f92ac3bf735ca95c95fdd1b74f7d7c45

  • SSDEEP

    12288:iJxffdSwBjKyFAXc+WoonpjNTscfJLNH7KBsA7I+i7yMMS36ZFQjjLWK/mYdpuv/:sjKyBr37ivLKExV+CcGsuAt

Targets

    • Target

      db472ec2bee48bc9b193c57866906b79_wannacry_JC.exe

    • Size

      1.2MB

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other data.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
