General

  • Target

    20240912f5414e93aa1483962148b1e73058156adestroyerwannacry

  • Size

    23KB

  • Sample

    240913-hdazzszcka

  • MD5

    f5414e93aa1483962148b1e73058156a

  • SHA1

    a48ea50789321e999868d33cb5c373fca86fe9b3

  • SHA256

    43ce9f0cc8826d95942cb68e66603be2b61604d173ae5d6e48e24a311d68c40d

  • SHA512

    215d5c028998ec10cc8f17a4e4b54db1a5a8ab932b6cf602c8cc83547b07495662f492f39f4ffd1893ebc469a3541c07999073a996ce00173ad26c6e09c70f85

  • SSDEEP

    384:s3Mg/bqo2m0XM3oGJZRxNStpUqjuwzULJ1r91C4oUDfeq:Sqo2LLG8tphjK91r9noUzeq

Malware Config

Extracted

Path

C:\Users\Admin\Documents\read_it.txt

Ransom Note

All of your files have been stolen and encrypted, we have downloaded sensitive and compromising data from your system/network including your financial data and network map. Your files have been encrypted and you won't be able to decrypt them without our help. If you modify the files you won't be able to decrypt them You can try whatever you wanna try but don't modify the files, they'll be damaged and impossible to decrypt. it's nothing personal, it's all about money. have a great day. Bitcoin Address: bc1qpn32q8a3jykzpfnrv6crqulk7wguaryhxzadqa Non payment will result in your data being published. YOU HAVE 7 DAYS, AFTER 3 DAYS THE MONEY DOUBLES. You can contact us using Tox messenger https://tox.chat/download.html. Tox ID : EEC1A34EA55C1DBC63D8BCC4779D93BB64FC9036C82210467DEB1948A3ABC2248CE1CAB7A181 You need contact us and decrypt one file for free on TOX messenger with your personal DECRYPTION ID 496

URLs

https://tox.chat/download.html

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks