General
-
Target
2024-08-30_65f701945cd471bd6e95bad1b71201f5_chaos_destroyer_wannacry
-
Size
34KB
-
Sample
240830-ttqwxstara
-
MD5
65f701945cd471bd6e95bad1b71201f5
-
SHA1
7ba2901cf5617389cf8ab17d614392bff53f6944
-
SHA256
b105e6a95291eee9a9223554ad78d2e082ab1a8acc3523d7b644e5cf4add703a
-
SHA512
4a455ca2d25c38390a2f4e448fe81e7435e0db75d193e95f40803c165af48c4f40e2e562a5839687d09742577612f42000aeb5ac284ea72b8b533f007153897c
-
SSDEEP
768:vqo2SeShAFSpajl0vr90fMY4cB0dbjeC:io2zsW1l0vr90fEcB04C
Behavioral task
behavioral1
Sample
2024-08-30_65f701945cd471bd6e95bad1b71201f5_chaos_destroyer_wannacry.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2024-08-30_65f701945cd471bd6e95bad1b71201f5_chaos_destroyer_wannacry.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-