General
-
Target
2024-09-18_7ed302cebbc723b8d88c338bb214e7f7_wannacry
-
Size
170KB
-
Sample
240918-ja882syhjh
-
MD5
7ed302cebbc723b8d88c338bb214e7f7
-
SHA1
fa4a8d360fc38ba049c7cbd4ea8b73832e753da8
-
SHA256
dec248ceef5b72c14f69a67833b94f6eb5d329e04f9fa815ea35787e55b8f5f5
-
SHA512
a5234647ef1fdcb6dc61144c78522578437e9e6c36e47dd99cdc6cadaae1abd8314c2c69a83897f5721a28d863047abf9c91f6e166b1e624c18ccf733746010c
-
SSDEEP
3072:r+c997iL9/Fuit7QQClhw5QF7lUOtBmSM57ezHljt07tR1LyDwPxt:ic99Gzu0QVhmlKmSpz7+tRUDw
Malware Config
Targets
-
-
Target
2024-09-18_7ed302cebbc723b8d88c338bb214e7f7_wannacry
-
Size
170KB
-
MD5
7ed302cebbc723b8d88c338bb214e7f7
-
SHA1
fa4a8d360fc38ba049c7cbd4ea8b73832e753da8
-
SHA256
dec248ceef5b72c14f69a67833b94f6eb5d329e04f9fa815ea35787e55b8f5f5
-
SHA512
a5234647ef1fdcb6dc61144c78522578437e9e6c36e47dd99cdc6cadaae1abd8314c2c69a83897f5721a28d863047abf9c91f6e166b1e624c18ccf733746010c
-
SSDEEP
3072:r+c997iL9/Fuit7QQClhw5QF7lUOtBmSM57ezHljt07tR1LyDwPxt:ic99Gzu0QVhmlKmSpz7+tRUDw
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-