General
-
Target
2024-03-08_93380c107beb90834526bbb0aed3c797_chaos_destroyer_wannacry
-
Size
23KB
-
Sample
240308-ydg2asee96
-
MD5
93380c107beb90834526bbb0aed3c797
-
SHA1
ca75cd68ec67645802ebd6b0385a4e51c5a56b9b
-
SHA256
704f4354e2156b8cff3439fb09f8f2aa68abb9d1d702981062b4946653b832b4
-
SHA512
061ef3f32bc166bafa9c1e37991dd62634747e6fe294b3e93053d3193ee1e845d7320451206fe2762b373346bc30ea911c405179eb71e531baaed62e1740dc32
-
SSDEEP
384:u3MLWHn3kIjf7SxlR24p1SOGy5JRSr91Crxb51eV:Sn3kIP6Pp1IyXwr9SxbDeV
Behavioral task
behavioral1
Sample
2024-03-08_93380c107beb90834526bbb0aed3c797_chaos_destroyer_wannacry.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-03-08_93380c107beb90834526bbb0aed3c797_chaos_destroyer_wannacry.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Users\Admin\Desktop\read_it.txt
chaos
Targets
-
-
Target
2024-03-08_93380c107beb90834526bbb0aed3c797_chaos_destroyer_wannacry
-
Score
10/10
-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-