Extracted

• • Target

    2024-10-21_79d86615f0e2d2e642c9119a1b5aec02_destroyer_wannacry

  • Size

    27KB

  • MD5

    79d86615f0e2d2e642c9119a1b5aec02

  • SHA1

    15d39cb1ec1841b6eda1ac15efae826edfc3f018

  • SHA256

    f10eab55ab7a6f4211bef702263ed43c529c7fef9848c5717adafe4981fcf081

  • SHA512

    745e9c00e482259029eb4370e01a7be3ec81495f91fecede40dc3d4e233614022319b47b33b7fec77fef76104b0a82f6ce588e66f6fb16f3315329ac24252c68

  • SSDEEP

    384:vtWZPzzxAm1vp5ZRoDATbzyvQL/JXmlGOy5o91iOpE82vn:G7zxAmpfysKQrJ9ho9MOu82P

  Score

  10^/10

  chaospersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2