General

  • Target

    202409086b573d2e5879c3cb307b1e1fdb9087f4wannacry

  • Size

    245KB

  • Sample

    240908-k4zr5sxdkp

  • MD5

    6b573d2e5879c3cb307b1e1fdb9087f4

  • SHA1

    690d83a67319f6ff98690776e86dc0704b0d4a92

  • SHA256

    0545950ceb362f4f82da58a3c24825c26e188e210d345fbd127ad75b0f8dbcc9

  • SHA512

    674f061c61277f2b73a9d9b12ae83039ac3607c8bb0b043ac0ba9806eaef57508869e706bf9179258700dea6ae83ab87c64bac00441ab09df645a59720f71656

  • SSDEEP

    6144:BAHLSHCsulgv6ZZJJchBRsZVOB45r9iTIbdiLEusp:SrSLNv652bbB428bgY1p

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
