Extracted

• • Target

    2024-04-22_e9b220e484d0526c883000011902314b_destroyer_wannacry

  • Size

    46KB

  • MD5

    e9b220e484d0526c883000011902314b

  • SHA1

    0fd828b30b82decd203e580d54591a39b41c6795

  • SHA256

    29fd8c24e498db51eaf961e3f2a5702f50b3b60892979d9eee14c5cde35fdfdb

  • SHA512

    f65b510f24fa044361392c0b15bf985b94134969de65533fa3070e0dfb2a25fa789561babf9e477750030247b1e54d9fe98b4c19322c1d5f735458d52900d575

  • SSDEEP

    768:jqo2YOpYxQ9r9Wu9F8eXbwUpQYzF/VtH0NVHD7lxwp1Eev7H8l/uwee8:Oo2YpQ9r9Wu9pz9H0fjaEgHEn8

  Score

  10^/10

  chaosevasionransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Detects command variations typically used by ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2