General

  • Target

    2024-10-14_76caee0502e3483b22ffe34508a06ec3_destroyer_wannacry

  • Size

    26KB

  • Sample

    241014-vw3tyawgmf

  • MD5

    76caee0502e3483b22ffe34508a06ec3

  • SHA1

    c4120e980f86a2ab7bd29864e9045012c40ba70f

  • SHA256

    b4dc0cd3a5824ad15c8607c4cf23278b90d61946e2d904445e5707534a67d989

  • SHA512

    65f5bcee2c45d38d981638657d936d78096586659e1cd52a329876c1cac37aef105d97addce101158472f14322f1dbb5a932a08ea160d2e5d3a8b14d8db1d9ed

  • SSDEEP

    384:3tWZPzzxAm1vObMcJQ7o71+k4zxBSKrE7lGOy5o91Y5O9jx82vH:O7zxAmaXJQ7ogk426Jho925O9t82v

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to delete the backup catalog and inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Drops desktop.ini file(s)
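
The "Deletes shadow copies", "Modifies boot configuration data using bcdedit", "Deletes backup catalog" and "Disables Task Manager via registry modification" signatures above all surface as child-process command lines, which makes them straightforward to detect from process-creation telemetry. The script below is an added example, not part of this report or of the sandbox's own rule set: it runs four regex rules over constructed process-creation events (the command lines are the ones typically associated with these behaviors and are not taken from this sample's trace, so treat them as assumptions) and counts how many distinct recovery-inhibition (ATT&CK T1490) techniques fire, since a chain of two or more is a much stronger ransomware signal than any single command.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style, reduced to the
# fields the rules need). Not taken from the report; the command lines are the
# ones typically used for the listed behaviors and are assumptions here.
SAMPLE_EVENTS = [
    {"pid": 1001, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"pid": 1002, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures "
                "& bcdedit /set {default} recoveryenabled no"},
    {"pid": 1003, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c wbadmin delete catalog -quiet"},
    {"pid": 1004, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"'
                r" /v DisableTaskMgr /t REG_DWORD /d 1 /f"},
    # Benign administrative activity that must not fire.
    {"pid": 1005, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},
    {"pid": 1006, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /enum"},
]

# (rule name, compiled pattern). Names carry the ATT&CK technique so hits can be
# grouped; T1490 is Inhibit System Recovery, T1562.001 is Disable or Modify Tools.
RULES = [
    ("T1490 shadow copy deletion",
     re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("T1490 boot recovery disabled",
     re.compile(r"bcdedit(?:\.exe)?\s+/set\s+\S+\s+(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("T1490 backup catalog deletion",
     re.compile(r"wbadmin(?:\.exe)?\s+delete\s+catalog", re.I)),
    ("T1562.001 Task Manager disabled",
     re.compile(r"Policies\\System.*DisableTaskMgr.*/d\s+0*1\b", re.I)),
]


def scan(events):
    """Return (pid, rule name) for every event whose command line matches a rule.

    A command line that matches the same rule twice (e.g. vssadmin plus wmic in
    one cmd /c chain) yields a single hit for that rule.
    """
    hits = []
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                hits.append((ev["pid"], name))
    return hits


def inhibit_recovery_score(hits):
    """Number of distinct T1490 techniques observed; >= 2 is the alert threshold."""
    return len({name for _, name in hits if name.startswith("T1490")})


def classify(events):
    """Map the scan result to a verdict a SOC rule would emit."""
    hits = scan(events)
    score = inhibit_recovery_score(hits)
    if score >= 2:
        return "ransomware recovery-inhibition chain"
    if hits:
        return "suspicious: single inhibit-recovery or defense-evasion command"
    return "clean"


if __name__ == "__main__":
    for pid, name in scan(SAMPLE_EVENTS):
        print(f"pid {pid}: {name}")
    print("verdict:", classify(SAMPLE_EVENTS))
```

The benign `vssadmin list shadows` and `bcdedit /enum` events are included deliberately: rules keyed on the binary name alone would fire on routine administration, so each pattern anchors on the destructive verb and argument rather than on the executable.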
