General

  • Target

    f82762214b095a7508be150c6de5579c_wannacry_JC.exe

  • Size

    112KB

  • Sample

    230831-v4t7rsge8y

  • MD5

    f82762214b095a7508be150c6de5579c

  • SHA1

    3f55428bcd35e4d58dd2458b8cae6029b158b460

  • SHA256

    1ab84bd653ca8568f107b6f4bdf38c1839bfefda66d3af8013c781f6ac04c6e8

  • SHA512

    3542a364b96bbda171082b595b7e051403af0263f303ba84de9ca134a7f6294253cdf90468512405d365790370e2c72b06910435ace1094cc61e524e7388cef8

  • SSDEEP

    3072:hX04v7q9ZM9yFx0ckkJEcBa491Dul6ZW:q4zq9+EqcBN9p

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
