Overview

overview

10

Static

static

10

2024-04-09...ry.exe

windows7-x64

2024-04-09...ry.exe

windows10-2004-x64

10

Resubmissions

09-04-2024 09:28

240409-lfmckseh9z 10

09-04-2024 09:23

240409-lcyanseh5t 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-09_6351587d8a4d02af63204e1f49b5ba56_wannacry

  • Size

    1.9MB

  • Sample

    240409-lfmckseh9z

  • MD5

    6351587d8a4d02af63204e1f49b5ba56

  • SHA1

    b0c64954ab96ba600ee37c37cfeacc43d04b0959

  • SHA256

    c3cb824c21f93e55a2e8e15e431d9ebaee35b6a85f2764abf95e84dea4b6b765

  • SHA512

    31f945a0b3a1602fa3e1766ee54fbdbaacd46942e7db304a179d5ed553a07649dddcb9c44c91d3a4e085c589f2bd1e0bc3064e12606418d89149b478e57204a7

  • SSDEEP

    24576:o9/D6y/1yOeoErA7vMajzGDX9uZTUir0XZQQ3ffTRuNd7Ciq9VII7OQ:o9bIowAj53aXUZTZeQQwA5z

Score
10/10
chaosevasionransomwarespywarestealer

Malware Config

Targets

    • Target

      2024-04-09_6351587d8a4d02af63204e1f49b5ba56_wannacry

    • Size

      1.9MB

    • MD5

      6351587d8a4d02af63204e1f49b5ba56

    • SHA1

      b0c64954ab96ba600ee37c37cfeacc43d04b0959

    • SHA256

      c3cb824c21f93e55a2e8e15e431d9ebaee35b6a85f2764abf95e84dea4b6b765

    • SHA512

      31f945a0b3a1602fa3e1766ee54fbdbaacd46942e7db304a179d5ed553a07649dddcb9c44c91d3a4e085c589f2bd1e0bc3064e12606418d89149b478e57204a7

    • SSDEEP

      24576:o9/D6y/1yOeoErA7vMajzGDX9uZTUir0XZQQ3ffTRuNd7Ciq9VII7OQ:o9bIowAj53aXUZTZeQQwA5z

    Score
    10/10
    chaosevasionransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks