General

  • Target

    2024-06-18_692028a15d45c37361cd9ebd91aa2182_destroyer_wannacry

  • Size

    61KB

  • Sample

    240618-vzh9pssgmd

  • MD5

    692028a15d45c37361cd9ebd91aa2182

  • SHA1

    f2d2160758e0ae0d0db22fb4524947d9597aa890

  • SHA256

    bf0c353bf4f59db1d33b62589cca64d29c915d3073c86cd04e78f1d28bb65d74

  • SHA512

    220738ff8de81abfbedca6288ed78c04405f6499b4a2bdfea6f683fd57ddf702bd6988324bcb501b810d4a780147b13aa45714b9dce295a21a028848cf48f0c4

  • SSDEEP

    768:cRp27mtc9Fe87E8L/+5nXWl6/JsNySGc7Q/duS+mD3eiUWGbYxDW:cv2Ec9Fe8FL2JWl6/JnVd/duS+jiri

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Detects command variations typically used by ransomware

    • Renames multiple (175) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
