Resubmissions

30-08-2024 14:26

240830-rr253ayfjc 10

30-08-2024 09:28

240830-lfmncaxamh 10

General

  • Target

    2024-08-30_81605de48f66887272b879486dfc07a8_destroyer_wannacry

  • Size

    68KB

  • Sample

    240830-rr253ayfjc

  • MD5

    81605de48f66887272b879486dfc07a8

  • SHA1

    cc58705c7ec749a5a9177125b216c9ee0ee0bb93

  • SHA256

    fa0a4f9d71cde33626ac77ca1d5f5ff98af968446787dbe097cc36ea6f5ae87a

  • SHA512

    d288d845acf7d9b7c41bf6cf2894d4671577fbbbf98856d357bbd7c09744da9979ae0f643e5c10ca76029721749bceecbfeb9b7a54b33a596af0ab66791fbf6a

  • SSDEEP

    1536:io2zsW1l0vr90fEcB04Cwo2zsW1l0vr90fEcB04C:ioETz0vr90fEcdCwoETz0vr90fEcdC

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry