General

  • Target

    2024-03-01_92fa0d5e6346139332c3ee039a9fc7c3_wannacry

  • Size

    172KB

  • Sample

    240301-jda6esed62

  • MD5

    92fa0d5e6346139332c3ee039a9fc7c3

  • SHA1

    442662d13173cec6545eda15d14ccec68a576dca

  • SHA256

    c491e6228f85b23b477e9beeab62e3547236a8b40cfa222d8943ca2b7dcfa949

  • SHA512

    d09c8740635e625248c7c50e76ca9171bce4242433f5821a1b50077d9dda8519d718bc544a2a8a9bf586212361fb0f306ce554fc5ca72b7dc95dc4374f1453ed

  • SSDEEP

    3072:50iq9nK97M26+MZjQQbKGUE3T9Mg5hw0GlVdopQ:50iq9K7+jUGULsWVq

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Detects command variations typically used by ransomware

    • Detects executables containing many references to VEEAM. Observed in ransomware

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar artifacts.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks