Extracted

• • Target

    2024-11-22_e31f3d42bf3d0fc4d8f2a568eb956d01_destroyer_wannacry

  • Size

    27KB

  • MD5

    e31f3d42bf3d0fc4d8f2a568eb956d01

  • SHA1

    34fcda5e1628d6872c7d61a42d45ec11d9efcd31

  • SHA256

    3fdabc2dd0da231d971197eae267c8c34ac1bf4e89a9417742408db184a90d32

  • SHA512

    64229dcdc7cca556ab2efb852ab7dd51b5f3d7c446dbcd42e0a8f6076bde5d6d993fb2b680c5c9a7c2f8d606df0c3c71facc32fc3b62b8c05b7076807366460f

  • SSDEEP

    384:4tWZPzzxAm1vp5ZRoDPpYOcYgDzY7gFWlKOy5o91QFpK82vf:N7zxAmpfyP0YQYk7ho9+FQ82H

  Score

  10^/10

  chaospersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2