General
-
Target
2024-02-13_6720d54c57eaf67f1abb0a02f30a8da1_wannacry
-
Size
2.1MB
-
Sample
240213-g5zlzscg33
-
MD5
6720d54c57eaf67f1abb0a02f30a8da1
-
SHA1
5e3e55ed9f0e8aa23ce86a03bf8f2e2a0c77a170
-
SHA256
7be39ec32895583ce17edf3573e8471987f666d8fb56ecb6d4437bd4a6102b2f
-
SHA512
b146ca2df3ee5016400064e51a87853e5897a638d8b3a81ac0b6c984acdef7490f39137d210a738dd562c7eb0a46e4b4f7b7e8b6bdf5a557a978131f0ab52304
-
SSDEEP
1536:okYsc9Ovtaz4jaxtfb5Rxp17kZJr97nOcLyKnal:Esc9OvteJRf17EVLR6
Malware Config
Targets
-
-
Target
2024-02-13_6720d54c57eaf67f1abb0a02f30a8da1_wannacry
-
Size
2.1MB
-
MD5
6720d54c57eaf67f1abb0a02f30a8da1
-
SHA1
5e3e55ed9f0e8aa23ce86a03bf8f2e2a0c77a170
-
SHA256
7be39ec32895583ce17edf3573e8471987f666d8fb56ecb6d4437bd4a6102b2f
-
SHA512
b146ca2df3ee5016400064e51a87853e5897a638d8b3a81ac0b6c984acdef7490f39137d210a738dd562c7eb0a46e4b4f7b7e8b6bdf5a557a978131f0ab52304
-
SSDEEP
1536:okYsc9Ovtaz4jaxtfb5Rxp17kZJr97nOcLyKnal:Esc9OvteJRf17EVLR6
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (125) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-