chaos | 1fa269db603859c64adb78d9267179841d98099f65e30ee21c0c0daa86c846f4 | Triage

Submit
Reports

Overview

overview

Static

static

2025-01-25...ry.exe

windows7-x64

2025-01-25...ry.exe

windows10-2004-x64

Sharing

General

Target

2025-01-25_1d10c3da50d5eacde1a5f1ae2169490b_destroyer_wannacry
Size

88KB
Sample

250125-x8xjssyqfj
MD5

1d10c3da50d5eacde1a5f1ae2169490b
SHA1

c50639316a0d1ac9265a11ec78a28c0669dd6b68
SHA256

1fa269db603859c64adb78d9267179841d98099f65e30ee21c0c0daa86c846f4
SHA512

d23c4b9df9382761cf1dcda902e32e3e3de87976fb522fac966d0deee62efb70ee3cda40c4c05ff47a688b3942951883e81fa361370227c34981d5c267ec0f27
SSDEEP

1536:po2Pb41nEr9h5r/nyFskNRgj4YfG1rd+/eYaiy6eKAmFy:poQb41nEr9Lr/nyFskNRgj4YfwrdeeYQ

Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-01-25_1d10c3da50d5eacde1a5f1ae2169490b_destroyer_wannacry.exe

Resource

win7-20240903-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-01-25_1d10c3da50d5eacde1a5f1ae2169490b_destroyer_wannacry.exe

Resource

win10v2004-20241007-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-01-25_1d10c3da50d5eacde1a5f1ae2169490b_destroyer_wannacry
- Size
  
  88KB
- MD5
  
  1d10c3da50d5eacde1a5f1ae2169490b
- SHA1
  
  c50639316a0d1ac9265a11ec78a28c0669dd6b68
- SHA256
  
  1fa269db603859c64adb78d9267179841d98099f65e30ee21c0c0daa86c846f4
- SHA512
  
  d23c4b9df9382761cf1dcda902e32e3e3de87976fb522fac966d0deee62efb70ee3cda40c4c05ff47a688b3942951883e81fa361370227c34981d5c267ec0f27
- SSDEEP
  
  1536:po2Pb41nEr9h5r/nyFskNRgj4YfG1rd+/eYaiy6eKAmFy:poQb41nEr9Lr/nyFskNRgj4YfwrdeeYQ
Score

10^/10

chaos defense_evasion evasion execution impact ransomware spyware stealer
- Chaos
  Ransomware family first seen in June 2021.
  ransomware chaos
- Chaos Ransomware
- Chaos family
  chaos
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

behavioral2

chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

© 2018-2025

Terms | Privacy