General
-
Target
2024-03-20_1b2fdf47aaaccaf622e33cb4dd63e8e2_wannacry
-
Size
372KB
-
Sample
240331-k3d42shh42
-
MD5
1b2fdf47aaaccaf622e33cb4dd63e8e2
-
SHA1
1130c9d40bc5ab004918a509811f914605594961
-
SHA256
24266d8af5e54a179ca62fe8ba586a9bced5e39565ad05f33583a3fc8f509613
-
SHA512
f494e23997ba85df3fcdaaaeb1d6c056de6f7b6a22ecf8df4797b302016deafea0d2030058680baa521cae93cf5921b3bd58d1750274819f866a868beff2739c
-
SSDEEP
3072:doeNsCr9h4ca2aHBSCAb2+IPdG1UlcaVSptR4jiYFD:nNr9h4ca7SCdI12cTtRcf
Malware Config
Targets
-
-
Target
2024-03-20_1b2fdf47aaaccaf622e33cb4dd63e8e2_wannacry
-
Size
372KB
-
MD5
1b2fdf47aaaccaf622e33cb4dd63e8e2
-
SHA1
1130c9d40bc5ab004918a509811f914605594961
-
SHA256
24266d8af5e54a179ca62fe8ba586a9bced5e39565ad05f33583a3fc8f509613
-
SHA512
f494e23997ba85df3fcdaaaeb1d6c056de6f7b6a22ecf8df4797b302016deafea0d2030058680baa521cae93cf5921b3bd58d1750274819f866a868beff2739c
-
SSDEEP
3072:doeNsCr9h4ca2aHBSCAb2+IPdG1UlcaVSptR4jiYFD:nNr9h4ca7SCdI12cTtRcf
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Renames multiple (193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-