General

  • Target

    2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry

  • Size

    619KB

  • Sample

    250125-xh1hrswmgv

  • MD5

    87ed765171e1a1bcad9a331bfa094360

  • SHA1

    7db04b4b6e6f6246ab830367996e3a2ccfa0799f

  • SHA256

    441c1aa1a603a4f77a118d5469ff8a6f8346b7f3225cbba7f3f726ec734aeb5c

  • SHA512

    17af72c21461e97e274e6178b92d84c94c41cedcd4a8f46edd47e08482bcc32dd40eed4dc7f466392b57ed3cc5a22d61ff078ebfdc18e82e943c7b7faf2f1541

  • SSDEEP

    12288:u+dknyzlV0tt5IbDEylitqURFiUq1wWmCdZ75UJTAEXNwcyvoKe47H:lsDTYDJRW

Malware Config

Targets

    • Target

      2025-01-25_87ed765171e1a1bcad9a331bfa094360_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks