General
-
Target
2024-09-03_9fa3de73d8740381fe07165858125a3c_destroyer_wannacry
-
Size
45KB
-
Sample
240903-19vclszdrf
-
MD5
9fa3de73d8740381fe07165858125a3c
-
SHA1
8800ac9ba4db3f272e0107b5aa290385e3209aa0
-
SHA256
2283242fda9f7bd1a4e8b4fd72e20c5fb3d13a2ebce8832b380441be4a8a2cdb
-
SHA512
03fcfd96668f3b6b5dc091552a72bfd2c2ef0a44b7727bec296e8783bbece7add42f09356b7d1fdc6e62baa419cb595f913a94e200ac1afb3feafaa4f6ad223c
-
SSDEEP
768:M7zxAmfwchrEgXYwIho9BwJct3wwExBvWcH1/527Iv+YGA82C:MN1/owIq9BwJ60/HH1h/Gbf
Behavioral task
behavioral1
Sample
2024-09-03_9fa3de73d8740381fe07165858125a3c_destroyer_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-09-03_9fa3de73d8740381fe07165858125a3c_destroyer_wannacry.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
2024-09-03_9fa3de73d8740381fe07165858125a3c_destroyer_wannacry
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Direct Volume Access: 1
Indicator Removal: 3
File Deletion: 3
Modify Registry: 2