Extracted

• • Target

    2024-12-12_73f97293fdffa0b41312a1979d869a48_wannacry

  • Size

    195KB

  • MD5

    73f97293fdffa0b41312a1979d869a48

  • SHA1

    c36bc5b3a44e1853781e5daa0b570ac237241656

  • SHA256

    cc11b766211fa70abcdaeb3e00dbc56c1f5819ba583ed1ed2c43cfedd7369b2a

  • SHA512

    d680155c67d26bddda60ae54b6fc280e663029d01c05c7836ddd13d6792622ead2c093e8016932d626333c25c8b3f4e5e51c56d714ad5945ee943734f3457d75

  • SSDEEP

    3072:no0g4196r9gRskBc93hxfkB+7kjCGX8q1qz2/HuHZZ57/Euv8RnN86:jg4ar9gRI8sAwxWHaEU

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2