General
-
Target
2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry
-
Size
88KB
-
Sample
240614-jgwljazhle
-
MD5
47cb4cb930541788a53da6337f726dc8
-
SHA1
2d7297e0469e51784b44212c795bae5237c314dc
-
SHA256
635adb7c70d41a43be40469bd0a517e8feb8a9ddb3e68f0ead3c2a4b82875213
-
SHA512
cfd584a481a8416900d0d081e81c5da1206c2723a39b02225afbfb636f5d81e705b425816e9498cc089daa7e387434af4d1a1ffc866181c43af3f5b83fa796a2
-
SSDEEP
1536:Co27Ggr90aa8ZkYU2Jm6Ywm2vmyzuXpXppfpp0ppzpphppypp9poppTp:CoUGgr90H86wm2vZy
Malware Config
Targets
-
-
Target
2024-06-14_47cb4cb930541788a53da6337f726dc8_destroyer_wannacry
-
Size
88KB
-
MD5
47cb4cb930541788a53da6337f726dc8
-
SHA1
2d7297e0469e51784b44212c795bae5237c314dc
-
SHA256
635adb7c70d41a43be40469bd0a517e8feb8a9ddb3e68f0ead3c2a4b82875213
-
SHA512
cfd584a481a8416900d0d081e81c5da1206c2723a39b02225afbfb636f5d81e705b425816e9498cc089daa7e387434af4d1a1ffc866181c43af3f5b83fa796a2
-
SSDEEP
1536:Co27Ggr90aa8ZkYU2Jm6Ywm2vmyzuXpXppfpp0ppzpphppypp9poppTp:CoUGgr90H86wm2vZy
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Renames multiple (207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-