Overview

overview

10

Static

static

10

2024-06-15...ry.exe

windows7-x64

10

2024-06-15...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-06-15_0819055220e18189f967b22c907dad72_destroyer_wannacry

  • Size

    27KB

  • Sample

    240615-ngnm5sydja

  • MD5

    0819055220e18189f967b22c907dad72

  • SHA1

    9cb93be06e2c724df92a1dfd89afa33b251b6ace

  • SHA256

    22468b9bb7f7a28b51d7a5ad91b515529b298da4f6b3c833a0c46c6fc0402d46

  • SHA512

    61bd0a3154a9b9e9e939ca2212efc40399557d23ca130142bb2a36a3c60aa65d265adc9b4e39dbb54a26659ba03cc0466a4a5b9ccb6c7f483dde8ae713d81734

  • SSDEEP

    384:itWZPzzxAm1vp5g/3f6UO2r7OUmgAYfdQPFolqOy5o919MroJ82vdQ:n7zxAmpgfn9rEgAYw9ho9juq82u

Score
10/10
chaosdefense_evasionevasionexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\read_it.txt

Ransom Note
WHAHAHAHAHA All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :[email protected] ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: [email protected]) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)

Targets

    • Target

      2024-06-15_0819055220e18189f967b22c907dad72_destroyer_wannacry

    • Size

      27KB

    • MD5

      0819055220e18189f967b22c907dad72

    • SHA1

      9cb93be06e2c724df92a1dfd89afa33b251b6ace

    • SHA256

      22468b9bb7f7a28b51d7a5ad91b515529b298da4f6b3c833a0c46c6fc0402d46

    • SHA512

      61bd0a3154a9b9e9e939ca2212efc40399557d23ca130142bb2a36a3c60aa65d265adc9b4e39dbb54a26659ba03cc0466a4a5b9ccb6c7f483dde8ae713d81734

    • SSDEEP

      384:itWZPzzxAm1vp5g/3f6UO2r7OUmgAYfdQPFolqOy5o919MroJ82vdQ:n7zxAmpgfn9rEgAYw9ho9juq82u

    Score
    10/10
    chaosdefense_evasionevasionexecutionimpactpersistenceransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Detects command variations typically used by ransomware

    • Detects executables containing many references to VEEAM. Observed in ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks