Extracted

• • Target

    2024-09-21_8e9498d9f1009d82fe20dec5e56e6ab6_destroyer_wannacry

  • Size

    69KB

  • MD5

    8e9498d9f1009d82fe20dec5e56e6ab6

  • SHA1

    07fd1c05d1e706a75cb8327bce60524faaf89735

  • SHA256

    24893dc83648dac9acf101c38381fbe5f09dff7788e4cd1d9ac6fc10bde8bb7a

  • SHA512

    26d1e96bb5bb7cc263c5d5f0688a53c537cac9a11893633b62d38213610d0655e76203c8a6fed6f3c795756039fc24df5b534fe978494e531a6b17e34bfab8d8

  • SSDEEP

    1536:fo2yGMhur9i35UbK+X7ryVIxBtNGmD1aBoolWi1UfF:foUMhur9i3MK+X7euBHGmJaBooEF

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Renames multiple (207) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2