General

  • Target

    2024-02-29_02b069c665a623a1f5624eca23e93531_wannacry

  • Size

    115KB

  • Sample

    240229-bsgyhsab2y

  • MD5

    02b069c665a623a1f5624eca23e93531

  • SHA1

    61f4fc34711a714cb29f4b9f74911e9c89997a83

  • SHA256

    77c6b723977f4853e12c83840f1ea3a3e62c22e586273880dad377b8bfe95d7b

  • SHA512

    e3dab7f2a5596bba14e95f8fe04d2b308df0eb47394d7fd12451aaba245578170bd5192757f0d5bc52abedaa5f70ebe454fd7ae759e93fd71ce172488a1c34e7

  • SSDEEP

    3072:Boy3MtAr9zjAoclgHqO6pshDPbSk7nXE:Fxr9zYO6sFeKnX

Targets

    • Target

      2024-02-29_02b069c665a623a1f5624eca23e93531_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Detects command variations typically used by ransomware

    • Renames multiple (222) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
