General
Target: 2024-09-16_77d67233128926082858536211d16c75_wannacry
Size: 440KB
Sample: 240916-jfcr2awcnq
MD5: 77d67233128926082858536211d16c75
SHA1: f64cfe2bda7787646ca037f9422f8c2663032d42
SHA256: 3469bb786be861e7d9afbfd51b1e6c31870d0b83272d085f59c25969bcaf1313
SHA512: 777720b9d726ab673a1ee6a0ef16320cf7ce1855e6ded788da6b0182f831ed9546164168d5da78b0962c01ed5df539c7ab6f966a150defdc60ba205b32fc6c16
SSDEEP: 6144:Tg8q9o9xLLZVDwYGrH7wVNJUWqIMJ4HnXckdymBh:Tg099LZVDwYGrbwPJtqINHnXPEmB
Behavioral task: behavioral1
Sample: 2024-09-16_77d67233128926082858536211d16c75_wannacry.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-09-16_77d67233128926082858536211d16c75_wannacry.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Chaos Ransomware

Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.

Modifies boot configuration data using bcdedit

Disables Task Manager via registry modification

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Adds Run key to start application

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Direct Volume Access: 1
Indicator Removal: 3
File Deletion: 3
Modify Registry: 2