General
-
Target
2024-12-02_fa9f7699ccdb08c6ba4a9f4aa62ff64c_destroyer_wannacry
-
Size
22KB
-
Sample
241202-ybqknavmhl
-
MD5
fa9f7699ccdb08c6ba4a9f4aa62ff64c
-
SHA1
b82759e29cecec7a0dd06c52c9259e4b24c6ff67
-
SHA256
c50c9a28e88dbdfc9835e3722434af2db792c66d9ce1f496b395101289990e56
-
SHA512
277c3eb7eb3b7de7451dc95da1103746ade6622cc66b09cb6b9e0a287dfdf5f2cdda5728619ab6c024db22ebf226af3a0232989ecef452c81fd07dcf01a5770f
-
SSDEEP
384:33Mg/bqo2vLKErFppDKS+98GJMr91CIv6Ce2:hqo2OErFppDhN6Mr9Nvze2
Behavioral task
behavioral1
Sample
2024-12-02_fa9f7699ccdb08c6ba4a9f4aa62ff64c_destroyer_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-12-02_fa9f7699ccdb08c6ba4a9f4aa62ff64c_destroyer_wannacry.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2024-12-02_fa9f7699ccdb08c6ba4a9f4aa62ff64c_destroyer_wannacry
-
Size
22KB
-
MD5
fa9f7699ccdb08c6ba4a9f4aa62ff64c
-
SHA1
b82759e29cecec7a0dd06c52c9259e4b24c6ff67
-
SHA256
c50c9a28e88dbdfc9835e3722434af2db792c66d9ce1f496b395101289990e56
-
SHA512
277c3eb7eb3b7de7451dc95da1103746ade6622cc66b09cb6b9e0a287dfdf5f2cdda5728619ab6c024db22ebf226af3a0232989ecef452c81fd07dcf01a5770f
-
SSDEEP
384:33Mg/bqo2vLKErFppDKS+98GJMr91CIv6Ce2:hqo2OErFppDhN6Mr9Nvze2
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-