General

  • Target

    2024-06-15_1484bfc72f2a31fec076b48d4e687a98_wannacry

  • Size

    331KB

  • Sample

    240615-pzhqaavdmq

  • MD5

    1484bfc72f2a31fec076b48d4e687a98

  • SHA1

    9f019893c50d17cd6b930112bb657254057eb694

  • SHA256

    a2f989afcba6ea097fa104c313a1626bf6cdaffe80b000e247f36b8d3906acf6

  • SHA512

    5e2d0ba2639af86b7b423b65cf2e16a7e2335da7c51e827f7f1f00f460f3a8c46b70f789f5d4264a58c17121424fa979307b60017e3a01726df4e0a65e0ced72

  • SSDEEP

    1536:C3kIZridr9SHyB2CNaLGpf9aJfXgY1zUTyr5hV:C3kCidr9S0NaKpf+XgTTSj

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Detects command variations typically used by ransomware

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15