General

  • Target

    2024-03-01_a241612b5e52ca2a33c72ac7d12ac07e_wannacry

  • Size

    211KB

  • Sample

    240301-kdrzlsee5z

  • MD5

    a241612b5e52ca2a33c72ac7d12ac07e

  • SHA1

    88cb40acc46ff18b0dfc0e283748e117f8fcc494

  • SHA256

    4c8a411ba653c73d9cf47886f3319ccab05373aa8024553a565eca0776397683

  • SHA512

    d4db8e1d4988390338fe0ae396b9140d67fbfa0c1e1c196c8f74c30bb9de4ec0f0d490f550abec49ff27514495c385a5b4b45479c6b2d2cae48b1d0853305b88

  • SSDEEP

    3072:vjSdeLRfmTcGPp97M26+MZjQQbKGUE3T9Mg5hw0GlVdopt5:BdwcGh7+jUGULsWVq

Targets

    • Target

      2024-03-01_a241612b5e52ca2a33c72ac7d12ac07e_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Detects command variations typically used by ransomware

    • Detects executables containing many references to VEEAM. Observed in ransomware

    • Detects executables packed with ConfuserEx Mod

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
