General
-
Target
2024-05-10_a87448407f580aca26856668b1421ca3_destroyer_wannacry
-
Size
27KB
-
Sample
240510-a48pyaca65
-
MD5
a87448407f580aca26856668b1421ca3
-
SHA1
ea453ed748d7b59f27e6ccbe7a3c47982b8d831a
-
SHA256
018699d7f48805c5eec9236d386c71883a3bb78cc29eec6a354784547672c267
-
SHA512
9e0e24f0aef6aaf7a13cbb646084484f7eaf80f83eb2390e3764cd28982ec5d4148291e14c617f6fe38fe2eb5f8dbae3a45770a7d0919860d09c582e02743233
-
SSDEEP
384:QtWZPzzxAm1vqD8Sks4grPiEDNBYfpQlQ/xsV7LlJqGNl8Oy5o91oc882vy:l7zxAmu8Sn4LEZVqDho9aP826
Malware Config
Targets
-
-
Target
2024-05-10_a87448407f580aca26856668b1421ca3_destroyer_wannacry
-
Size
27KB
-
MD5
a87448407f580aca26856668b1421ca3
-
SHA1
ea453ed748d7b59f27e6ccbe7a3c47982b8d831a
-
SHA256
018699d7f48805c5eec9236d386c71883a3bb78cc29eec6a354784547672c267
-
SHA512
9e0e24f0aef6aaf7a13cbb646084484f7eaf80f83eb2390e3764cd28982ec5d4148291e14c617f6fe38fe2eb5f8dbae3a45770a7d0919860d09c582e02743233
-
SSDEEP
384:QtWZPzzxAm1vqD8Sks4grPiEDNBYfpQlQ/xsV7LlJqGNl8Oy5o91oc882vy:l7zxAmu8Sn4LEZVqDho9aP826
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Detects command variations typically used by ransomware
-
Detects executables containing many references to VEEAM. Observed in ransomware
-
Modifies boot configuration data using bcdedit
-
Renames multiple (170) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-