General
-
Target
2024-06-16_d34b72d869022e1b685776dfacee4aa0_destroyer_wannacry
-
Size
88KB
-
Sample
240616-a2ghnswarn
-
MD5
d34b72d869022e1b685776dfacee4aa0
-
SHA1
25cf4456c9b434b56fcb77146275eee0b86d300f
-
SHA256
4e359ae286505974c77f25cd4862138af31ad5fc63b29fc1682a59d996bddc85
-
SHA512
88e123dd30a67f9bcc62e0f7bf078530dcc6efa385f9d530a73bc34a0edf1300ead4ed000e9f3da4f08787a2a6e6274e91f1455ed09067b0e7caeadf84875c43
-
SSDEEP
1536:Po2tljKtJr91/SDwkYU2Jm6Ywm2vmyzuXpXppfpp0ppzpphppypp9poppTp:PoijKtJr91KDdwm2vZy
Malware Config
Targets
-
-
Target
2024-06-16_d34b72d869022e1b685776dfacee4aa0_destroyer_wannacry
-
Size
88KB
-
MD5
d34b72d869022e1b685776dfacee4aa0
-
SHA1
25cf4456c9b434b56fcb77146275eee0b86d300f
-
SHA256
4e359ae286505974c77f25cd4862138af31ad5fc63b29fc1682a59d996bddc85
-
SHA512
88e123dd30a67f9bcc62e0f7bf078530dcc6efa385f9d530a73bc34a0edf1300ead4ed000e9f3da4f08787a2a6e6274e91f1455ed09067b0e7caeadf84875c43
-
SSDEEP
1536:Po2tljKtJr91/SDwkYU2Jm6Ywm2vmyzuXpXppfpp0ppzpphppypp9poppTp:PoijKtJr91KDdwm2vZy
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Detects command variations typically used by ransomware
-
Renames multiple (183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-