General

  • Target

    288235e3df5fa3d6ebd2d9192c43747e_wannacry_JC.exe

  • Size

    115KB

  • Sample

    230818-q6c9taab62

  • MD5

    288235e3df5fa3d6ebd2d9192c43747e

  • SHA1

    e1b47c8ad75cbab11b9940dec3adfa5de8bce328

  • SHA256

    c14ba9911b3d9f3f85a600f84538c9ee90dbd627ec3831bb89745a71bc0db16b

  • SHA512

    0511fb2d836f2a592b011537cac5cfc1e3bff90e3bc142e88653b88999785afaedb64d7d485608ca9a7e9199d6de95faccf89cfec122f304cbc275252c14d4be

  • SSDEEP

    3072:aX04v7q9ZM9yFx0ckkJEcBa491Dul6ZWm:54zq9+EqcBN9pj

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
