General
-
Target
2024-02-17_22c442d48aa7c9f9d35eecd0666dea14_wannacry
-
Size
317KB
-
Sample
240217-njj3qseb4z
-
MD5
22c442d48aa7c9f9d35eecd0666dea14
-
SHA1
a1fdc523787aa5c068613867d0b6c27ee40b70e1
-
SHA256
8d20fefdcc204570b0d19b26fd99553ea89697b3646073b769466aa8ac5fc730
-
SHA512
1d8705708afeccaaaf467d6466d0dbaa6097b2942c7b45c548175c17b771182e89c7557175b8d830ae9e721471aad20ce0902d6861ab3bb9c35a1cf334f2a308
-
SSDEEP
1536:Ho2jYNMNXr9MaAQ/e9rh12xwpUlwhNNxI5/fbBIGbtGutFnL5iU66tDwU1yw+TN+:HojMNXr9MaAQ/eH6wp2wjW/jIIv
Malware Config
Targets
-
-
Target
2024-02-17_22c442d48aa7c9f9d35eecd0666dea14_wannacry
-
Size
317KB
-
MD5
22c442d48aa7c9f9d35eecd0666dea14
-
SHA1
a1fdc523787aa5c068613867d0b6c27ee40b70e1
-
SHA256
8d20fefdcc204570b0d19b26fd99553ea89697b3646073b769466aa8ac5fc730
-
SHA512
1d8705708afeccaaaf467d6466d0dbaa6097b2942c7b45c548175c17b771182e89c7557175b8d830ae9e721471aad20ce0902d6861ab3bb9c35a1cf334f2a308
-
SSDEEP
1536:Ho2jYNMNXr9MaAQ/e9rh12xwpUlwhNNxI5/fbBIGbtGutFnL5iU66tDwU1yw+TN+:HojMNXr9MaAQ/eH6wp2wjW/jIIv
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-