General
-
Target
2024-02-02_9f5f28e290f1ac8a04960ab1428bf318_chaos_destroyer_wannacry
-
Size
24KB
-
Sample
240202-zagf2ahahm
-
MD5
9f5f28e290f1ac8a04960ab1428bf318
-
SHA1
bb73fafa58d70f84775d8f67ad3c16ef4705019e
-
SHA256
9b353723692ee47483a2d59789f7e337cf34cc0c3603e7d49c103a24d3c211a7
-
SHA512
3eaf097a2358ec19ebab96e4f3f2b21f97d10f7ac169afe10bcc4d61d283aee81d146e33942fee1e9deb5e3b850ac80a502f9ff0b1469d6a019962fd14bf63ab
-
SSDEEP
384:23MLWHn3kIHWrzdLrJmhjZTBpEF3+nJOr91CrDwcVeb:6n3kI2C1pEF+Or9SUceb
Malware Config
Targets
-
-
Target
2024-02-02_9f5f28e290f1ac8a04960ab1428bf318_chaos_destroyer_wannacry
-
Size
24KB
-
MD5
9f5f28e290f1ac8a04960ab1428bf318
-
SHA1
bb73fafa58d70f84775d8f67ad3c16ef4705019e
-
SHA256
9b353723692ee47483a2d59789f7e337cf34cc0c3603e7d49c103a24d3c211a7
-
SHA512
3eaf097a2358ec19ebab96e4f3f2b21f97d10f7ac169afe10bcc4d61d283aee81d146e33942fee1e9deb5e3b850ac80a502f9ff0b1469d6a019962fd14bf63ab
-
SSDEEP
384:23MLWHn3kIHWrzdLrJmhjZTBpEF3+nJOr91CrDwcVeb:6n3kI2C1pEF+Or9SUceb
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-