Extracted

• • Target

    2024-07-23_47576f844ceb4d94c792ba29c2dbdd6e_chaos_destroyer_wannacry

  • Size

    23KB

  • MD5

    47576f844ceb4d94c792ba29c2dbdd6e

  • SHA1

    a49df192da22a8cd9c664dd42b6a34c5b2df065b

  • SHA256

    b12b018f969d01036ec6b085e069b72cc25ab2f8235f7687b4cbe0a68985da7a

  • SHA512

    3ec4be7c93858d20aa2c7c18f16e4408d8a763b8f3925e243942446ff487d1d93c3874c81aa67803b759bf8ac3ad85694d84caf1904599d4fb6f84f5b4852496

  • SSDEEP

    384:N3Mg/bqo2mcxtivp1AN4+X0Z/BvJXr91C0xb5reK:3qo2ptMp1g4+kRBBXr9zxbBeK

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2