General

  • Target

    2024-12-02_fa9f7699ccdb08c6ba4a9f4aa62ff64c_destroyer_wannacry

  • Size

    22KB

  • Sample

    241202-ybqknavmhl

  • MD5

    fa9f7699ccdb08c6ba4a9f4aa62ff64c

  • SHA1

    b82759e29cecec7a0dd06c52c9259e4b24c6ff67

  • SHA256

    c50c9a28e88dbdfc9835e3722434af2db792c66d9ce1f496b395101289990e56

  • SHA512

    277c3eb7eb3b7de7451dc95da1103746ade6622cc66b09cb6b9e0a287dfdf5f2cdda5728619ab6c024db22ebf226af3a0232989ecef452c81fd07dcf01a5770f

  • SSDEEP

    384:33Mg/bqo2vLKErFppDKS+98GJMr91CIv6Ce2:hqo2OErFppDhN6Mr9Nvze2

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks