Extracted

• • Target

    2024-08-23_3a27830fed015d1acd1f6c79dca74227_destroyer_wannacry

  • Size

    26KB

  • MD5

    3a27830fed015d1acd1f6c79dca74227

  • SHA1

    277fba00e4198dc3db2991224d483b1eb8d3a1d2

  • SHA256

    b73c1864be869a047eb7961dc47b273e53dc5fe3eb6161caf82076ad62c7e3b5

  • SHA512

    396f04ffad3017d129613ec7e5b5d4df317aa99ebfbdb9792ddd11f542eaf4ebc887488359dfe4e70cf5131b088b929dc14b30d992655ba25ca56adcbe06f9e4

  • SSDEEP

    384:NkMg/bqoymcxtinmfS4+X0ZewJFr91CnmIxb5Mef/:Sqoyptomq4+ks4Fr9NIxbaef/

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2