Extracted

• • Target

    2025-01-25_ea6329f56de3d950ec51147a51e7e4f5_destroyer_wannacry

  • Size

    23KB

  • MD5

    ea6329f56de3d950ec51147a51e7e4f5

  • SHA1

    ed291641efe32c980504a8f093f61d0c7a7e1c7c

  • SHA256

    5a55e691732dc0601f0db09e4e3a9ea5faace1a6497455e5f9223dc913c4f264

  • SHA512

    06bc1a910d08be17d9c14ce1d163d05c6f36a8ea8b9eeccb1f9f1ab9eacb68c3a833a1b68632f0b0cab8136b1b01fed960e1ff44e4e4c7727f0fdc1e6fc411cc

  • SSDEEP

    384:u3Mg/bqo2Q+tZR11pXrjsWyrVaJPr91CA4yQieY:Mqo23tZRTpXrjsPVePr9F4AeY

  Score

  10^/10

  chaosransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Renames multiple (230) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2