General

  • Target

    2024-07-01_a6f55eb63c97d4099876dcbe3e2e007a_destroyer_wannacry

  • Size

    39KB

  • Sample

    240701-w9dyeashpf

  • MD5

    a6f55eb63c97d4099876dcbe3e2e007a

  • SHA1

    4f554f5bf5381285c5fd9199107ff91aa42798ab

  • SHA256

    3c19762ef8551c8f97ebac5fc0b5d37023286c96c3e70a18840bd86fa3800d14

  • SHA512

    7637b96c1ce28619af005d4d012968953f6d1fc7c81f7444557a33d86e7081c3d0aa9919cb6ae95fcf1febabaf5feae5ca7ad5d002c4901ede9bf93dbc212818

  • SSDEEP

    768:hqo2WM71np65YAHMDr9gzPHSDqfTyPPDdXOyT1/WwrwgceeU:ko2WMKCAHMDr9gzaDNPPDdXb/YgheU

Targets

    • Target

      2024-07-01_a6f55eb63c97d4099876dcbe3e2e007a_destroyer_wannacry

    • Chaos

      .NET-based ransomware builder first seen in June 2021; early builds overwrote larger files with random data rather than encrypting them, so recovery without backups is generally impossible.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware routinely deletes Volume Shadow Copies (typically via vssadmin or wmic) to inhibit system recovery.

    • Detects command variations typically used by ransomware

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to delete the Windows Backup catalog and inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before running.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
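
The three recovery-inhibition signatures above (shadow-copy deletion, bcdedit boot-policy tampering, wbadmin catalog deletion) share one detection pattern: a process tree that launches the built-in Windows recovery tools with destructive arguments. The following Python is an added example, not part of this report or the sandbox's own signature logic. It scans Sysmon-style process-creation events (Event ID 1 field names) for the canonical command lines of those techniques. The sample events, the dropped-copy path under AppData and the rule regexes are assumptions for illustration, not artefacts recovered from this sample.

```python
import re
from dataclasses import dataclass

# Canonical command lines behind the three recovery-inhibition signatures.
# These are the textbook forms of the techniques, assumed for illustration,
# not command lines recovered from this sample's sandbox run.
RULES = {
    "Deletes shadow copies": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    ],
    "Modifies boot configuration data using bcdedit": [
        re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    ],
    "Deletes backup catalog": [
        re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    ],
}


@dataclass(frozen=True)
class Hit:
    signature: str
    parent: str
    command_line: str


def scan_events(events):
    """Return one Hit per event whose command line matches any rule.

    `events` is an iterable of dicts carrying at least the Sysmon Event ID 1
    fields 'Image', 'ParentImage' and 'CommandLine'. An event is attributed
    to the first signature it trips, so a chained "vssadmin ... & wmic ..."
    line counts once."""
    hits = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        for sig, patterns in RULES.items():
            if any(p.search(cmd) for p in patterns):
                hits.append(Hit(sig, ev.get("ParentImage", ""), cmd))
                break
    return hits


def triage(events):
    """Group hits by signature. A single parent process tripping two or more
    of these signatures is a much stronger ransomware indicator than any one
    command on its own, since admins do run vssadmin and bcdedit legitimately."""
    by_sig = {}
    for h in scan_events(events):
        by_sig.setdefault(h.signature, []).append(h)
    return by_sig


# Constructed sample events (assumed for illustration, not from this sample).
# The parent path mimics a ransomware copy dropped under the user's profile.
DROPPED = r"C:\Users\user\AppData\Roaming\svchost.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"Image": CMD, "ParentImage": DROPPED,
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"Image": CMD, "ParentImage": DROPPED,
     "CommandLine": "cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures "
                    "& bcdedit /set {default} recoveryenabled no"},
    {"Image": CMD, "ParentImage": DROPPED,
     "CommandLine": "cmd.exe /c wbadmin delete catalog -quiet"},
    # Benign administrative use of the same tools: must not fire.
    {"Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": CMD,
     "CommandLine": "vssadmin list shadows"},
    {"Image": r"C:\Windows\System32\bcdedit.exe", "ParentImage": CMD,
     "CommandLine": "bcdedit /enum"},
]

if __name__ == "__main__":
    for sig, hits in triage(SAMPLE_EVENTS).items():
        print(sig)
        for h in hits:
            print(f"  {h.parent} -> {h.command_line}")
```

Correlating on the parent image, as triage() allows, is what separates an infection from a help-desk technician clearing old shadow copies; pair this with the "Drops startup file" and "Executes dropped EXE" signatures above and the parent path itself becomes the pivot.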
