General

  • Target

    2024-11-15_d0055ceb4fc413a9a192c9dfb1bc914d_destroyer_wannacry

  • Size

    29KB

  • Sample

    241115-pk9v8axpfp

  • MD5

    d0055ceb4fc413a9a192c9dfb1bc914d

  • SHA1

    b7d82cb690505161375231929a0debc98160b0cc

  • SHA256

    f7a3d901f6b80aea774f6bce28060c7b128a07f9123284c195b9b7570d62b693

  • SHA512

    3ead7890dbbb05b6df10546992928e743fb1f35ef427bfefc8a0a8e273dd0cda2312127d9ca39dae732fb6c0508c3383695bccb5944447b891f7928950e59c8d

  • SSDEEP

    384:M8SK+KBeWQOxHMcrJ+Q/65noUmwbZb7z/mgmOhqclYhhD9:2K+K48xsMwVb1S+Of9

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks