Extracted

• • Target

    2024-08-22_e7bd89cb405b3a1e0b34bea003b27ec5_wannacry

  • Size

    217KB

  • MD5

    e7bd89cb405b3a1e0b34bea003b27ec5

  • SHA1

    21061b3432c8e6a56f6b4e7b755d73f072f47f94

  • SHA256

    2a58499667712ca4e34cdf24cb2fa54828e76a254e780c3ac0fbb570f6148bf5

  • SHA512

    d0e592d846f0bc9a47f67036826079fe2ad4d777b52d5cd54bbfd0bf2f2834b54ea75e59ec34b2867aea51377cbd54f1186655d655f09c66ba2ec09407628231

  • SSDEEP

    3072:6ob0Exr9jos+uorMvZprdSyI+gPTfqyYgytVx9T8AOtZCWcW7ubxvOGIx3sBsNkw:P7r9jJ5orwrRS8gPFYTdOjbGXypU5

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2