General
-
Target
2024-03-19_6485a5e01ed5d851cb8e328840313b06_wannacry
-
Size
104KB
-
Sample
240319-c3qh3sfb65
-
MD5
6485a5e01ed5d851cb8e328840313b06
-
SHA1
ae420688cb83c6221295e7df991bda2308d55009
-
SHA256
4e84058c96d0e09c5d2fd1f64adc741a7997c4e11eea3c88ac4348acf2665d54
-
SHA512
17db71ae48c93cc70af1ee04f8c22ef61fd4c1a626b8938c73f767cdf8ff7630511312743fd6c476219469965a5b9bd2ca925e07e44c44cd6d62c7ba7e1a2f5b
-
SSDEEP
1536:q3kIhVr9SrJLhXCOrj/Fd1C4PRDu3PBri:q3kKVr9SlVCyfPRD4i
Malware Config
Targets
-
-
Target
2024-03-19_6485a5e01ed5d851cb8e328840313b06_wannacry
-
Size
104KB
-
MD5
6485a5e01ed5d851cb8e328840313b06
-
SHA1
ae420688cb83c6221295e7df991bda2308d55009
-
SHA256
4e84058c96d0e09c5d2fd1f64adc741a7997c4e11eea3c88ac4348acf2665d54
-
SHA512
17db71ae48c93cc70af1ee04f8c22ef61fd4c1a626b8938c73f767cdf8ff7630511312743fd6c476219469965a5b9bd2ca925e07e44c44cd6d62c7ba7e1a2f5b
-
SSDEEP
1536:q3kIhVr9SrJLhXCOrj/Fd1C4PRDu3PBri:q3kKVr9SlVCyfPRD4i
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-