Extracted

• • Target

    2024-10-07_315c05b751b0c8c1a660f6dcefca3a57_destroyer_wannacry

  • Size

    27KB

  • MD5

    315c05b751b0c8c1a660f6dcefca3a57

  • SHA1

    3722320bb60f7034ec9df8895c59463938134cf9

  • SHA256

    44589008ea867053bde88528256c3cd3eec1d6dddfa63c32bad5a8fd6c437017

  • SHA512

    db87e3f1d32d343e2409ad2b0dbbd1b2788c8e024223e65721b478e9279c50d600599c33edfbe6944d1e5789a3f3086d0f88370a9e9dd0e8ea09946cbd1853db

  • SSDEEP

    384:9DtWZPzzxAm1vp5ZRoDMS74WtRQUxhhlsNpGcPl0Oy5o91mI7pQ82vB:967zxAmpfyMS1RQUxGN4Hho90I7u82p

  Score

  10^/10

  chaospersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2