General
-
Target
2024-11-15_d0055ceb4fc413a9a192c9dfb1bc914d_destroyer_wannacry
-
Size
29KB
-
Sample
241115-pk9v8axpfp
-
MD5
d0055ceb4fc413a9a192c9dfb1bc914d
-
SHA1
b7d82cb690505161375231929a0debc98160b0cc
-
SHA256
f7a3d901f6b80aea774f6bce28060c7b128a07f9123284c195b9b7570d62b693
-
SHA512
3ead7890dbbb05b6df10546992928e743fb1f35ef427bfefc8a0a8e273dd0cda2312127d9ca39dae732fb6c0508c3383695bccb5944447b891f7928950e59c8d
-
SSDEEP
384:M8SK+KBeWQOxHMcrJ+Q/65noUmwbZb7z/mgmOhqclYhhD9:2K+K48xsMwVb1S+Of9
Behavioral task
behavioral1
Sample
2024-11-15_d0055ceb4fc413a9a192c9dfb1bc914d_destroyer_wannacry.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-11-15_d0055ceb4fc413a9a192c9dfb1bc914d_destroyer_wannacry.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-11-15_d0055ceb4fc413a9a192c9dfb1bc914d_destroyer_wannacry
-
Size
29KB
-
MD5
d0055ceb4fc413a9a192c9dfb1bc914d
-
SHA1
b7d82cb690505161375231929a0debc98160b0cc
-
SHA256
f7a3d901f6b80aea774f6bce28060c7b128a07f9123284c195b9b7570d62b693
-
SHA512
3ead7890dbbb05b6df10546992928e743fb1f35ef427bfefc8a0a8e273dd0cda2312127d9ca39dae732fb6c0508c3383695bccb5944447b891f7928950e59c8d
-
SSDEEP
384:M8SK+KBeWQOxHMcrJ+Q/65noUmwbZb7z/mgmOhqclYhhD9:2K+K48xsMwVb1S+Of9
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1