General

  • Target

    2024-09-12_b2c21469ac9ee8a5998e6c7a1b7ccc2d_destroyer_wannacry

  • Size

    83KB

  • Sample

    240912-hn3gzswgpp

  • MD5

    b2c21469ac9ee8a5998e6c7a1b7ccc2d

  • SHA1

    b088b4d45e8177dbf037898fcf560cdf55c7a794

  • SHA256

    269b64f6ebfbf1aa867b3b23770df1cd0abff63dd63be3a50ee0faa374ef9390

  • SHA512

    3af537a71f98a3d68591e94d7a65cdcf4f5d95b7ea68d5486bdc3714746e002e9dc8781154bad158c4c0cde48949cf50e1d5d1978ae31b29934aebbd294e669f

  • SSDEEP

    1536:gNojJM0Sq9UIV5wlzNZ+c8dTSgfAiqKegnDJpmEsxr8UnFoVVBBJMp:G0Sq9UeuRcc8MVkegDJptWAUnF8/g

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks