General

  • Target

    2025-01-10_098bdcd33912b17a7641ab7affdeea84_wannacry

  • Size

    520KB

  • Sample

    250110-b7tkvsxngy

  • MD5

    098bdcd33912b17a7641ab7affdeea84

  • SHA1

    1b70504866a1449be722131eab31f345af2687bf

  • SHA256

    e019c6f094965c3bccc0a7ba09bfb09c4ff7059795da5b66b6e7a7c0ac8ef7ef

  • SHA512

    c133a6f237862aa5a8ed78d31eb185119b379df9148cb98933dff4cbdc87fa0158d34ffd74efd3db3060c01f8432b41bd3728218f7a6330a43b37c0d3a361736

  • SSDEEP

    3072:2EL8c9EiaBEUD/rDuuK5Khcd4T/EumQYnpsGKf7P:2EL8c9e3uuMKhcd4TGl2GKf

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt

Ransom Note

~~~LucKY_Gh0$t~~~
>>>> All your important files are encrypted !!! The data will not be decrypted if you do not pay the ransom
>>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> Contact: Download and install SESSION (https://getsession.org) Our SESSION id: 05e18b4f1919469a2581ec63e75edee4f9be440bde926cf1cc3aedf1115ade5655 Write to a chat and wait for the answer, we will always answer you. Sometimes you will need to wait for our answer because we attack many companies.
>>>> Your personal DECRYPTION ID: U0001
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

URLs

https://getsession.org

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15