General

  • Target

    2023-08-26_ef4ec2e14b72f57c074d4faa814fb0d4_wannacry_JC.exe

  • Size

    6.1MB

  • Sample

    231001-zwt91sfc72

  • MD5

    ef4ec2e14b72f57c074d4faa814fb0d4

  • SHA1

    8741a96e0c7a7ffc40db2cd486205a420a3c236e

  • SHA256

    22567b0583fff8716864bcd95e13fe4988fe454ec0289a460020a224380aa09d

  • SHA512

    b758cd68aff007cbf99b330a927130a60807bd4b56f557167b37cbfa90275758671c007eb99830bc001c989107476dc16b8febbfccb7dbd06f89106b7fc4eb29

  • SSDEEP

    49152:1KryVO/DnYD+fh/PckIa0MiMpk/7DI1NQCmiIgI3uqyHAK/S:

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks