Extracted

• • Target

    2024-08-22_a099bd164f694ce8c91c63d9850ecca3_destroyer_wannacry

  • Size

    29KB

  • MD5

    a099bd164f694ce8c91c63d9850ecca3

  • SHA1

    b793db34730011df73d2ab1b40ddf03414303fe7

  • SHA256

    3ca6498ae07357fe0202d874f5e3481791547a79f5503ce329e26683aae4beda

  • SHA512

    fcd1422814137708fdc70df99033d4e79d24342d65e2030b6bb190d032edf6f8603d24ad9ce9b61818eaacc6ec39483eddc67b52f19f6f671be111739659749b

  • SSDEEP

    384:oUMg/bqoymcxtiN+ZARHbN4+X0ZvhkJFr91C9hvomIxb50OeC:7qoyptI+Zi4+kNhsFr9Av1IxbKOeC

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2