General
-
Target
2024-02-06_b339405d60e7219f6d2313c712a43b98_wannacry
-
Size
279KB
-
Sample
240206-c9cwkadfd6
-
MD5
b339405d60e7219f6d2313c712a43b98
-
SHA1
448869cec847c2348093340691ffbc91c43f9924
-
SHA256
893415f77589706593c2ce3cd6f388b0fe035e32cb39d4e1e1a81cea167386a0
-
SHA512
13dfb12dc92d361c3513452887a375f8ba5a73b65611501ac27936cdf6446c4bb9a2e259bfa6b576fc13ba72d57c755762586ec18631329f879fedd5c41cd461
-
SSDEEP
6144:Oc95/KFl0f3OZ9JWAsPb6CvVNbGRUly3RPdIg:j/KFl0f3OZ9kAsD6CdNbGRU43RPdI
Malware Config
Targets
-
-
Target
2024-02-06_b339405d60e7219f6d2313c712a43b98_wannacry
-
Size
279KB
-
MD5
b339405d60e7219f6d2313c712a43b98
-
SHA1
448869cec847c2348093340691ffbc91c43f9924
-
SHA256
893415f77589706593c2ce3cd6f388b0fe035e32cb39d4e1e1a81cea167386a0
-
SHA512
13dfb12dc92d361c3513452887a375f8ba5a73b65611501ac27936cdf6446c4bb9a2e259bfa6b576fc13ba72d57c755762586ec18631329f879fedd5c41cd461
-
SSDEEP
6144:Oc95/KFl0f3OZ9JWAsPb6CvVNbGRUly3RPdIg:j/KFl0f3OZ9kAsD6CdNbGRU43RPdI
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-