Overview

overview

10

Static

static

10

2024-04-15...ry.exe

windows7-x64

10

2024-04-15...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-04-15_463db363dcf29c2d1d498952586d815a_wannacry

  • Size

    229KB

  • Sample

    240415-zekdgsff96

  • MD5

    463db363dcf29c2d1d498952586d815a

  • SHA1

    19145465538f02d6c4ab954bf45157badc18bf60

  • SHA256

    fd7740837a82aed3fcce2869488e128bd7524fcf78f1f38bb604aea6e39d3469

  • SHA512

    2e6618f4515f14916ad5b83b71d5c00c0e3dea7656cfbd1d598cfcd6f3cc418a679b5bdb1efdc4882e0ebc9b0c1f4a8dc4431706ebb8476b1d8f236d4b7c5985

  • SSDEEP

    3072:13kLQj6Lr9SWWZt+em3xr8E1Q8dm0NYuaacYee2bE6//hXngpw4MmFQGvDr3S:cVr9SRVr0Cu+Fp8Hvn3

Score
10/10
chaosevasionransomwarespywarestealer

Malware Config

Targets

    • Target

      2024-04-15_463db363dcf29c2d1d498952586d815a_wannacry

    • Size

      229KB

    • MD5

      463db363dcf29c2d1d498952586d815a

    • SHA1

      19145465538f02d6c4ab954bf45157badc18bf60

    • SHA256

      fd7740837a82aed3fcce2869488e128bd7524fcf78f1f38bb604aea6e39d3469

    • SHA512

      2e6618f4515f14916ad5b83b71d5c00c0e3dea7656cfbd1d598cfcd6f3cc418a679b5bdb1efdc4882e0ebc9b0c1f4a8dc4431706ebb8476b1d8f236d4b7c5985

    • SSDEEP

      3072:13kLQj6Lr9SWWZt+em3xr8E1Q8dm0NYuaacYee2bE6//hXngpw4MmFQGvDr3S:cVr9SRVr0Cu+Fp8Hvn3

    Score
    10/10
    chaosevasionransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Detects command variations typically used by ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks