Extracted

• • Target

    2025-01-29_03ab219a09fcbe8614dda0e30820008d_destroyer_wannacry

  • Size

    27KB

  • MD5

    03ab219a09fcbe8614dda0e30820008d

  • SHA1

    15fa2b8e3c22d8334ae220a17d9d965acdab6cf7

  • SHA256

    faf82a56e4f6274bc9244a3ec8ffdfbce12237b5e56dcdd765fb8b2fb4d0b670

  • SHA512

    dc4d6ac0550b97c2d722b151989ba23071307dc6f5fab8d36b864dabd2b3861a23ce00094ffd7ae78691759b7ffe478e162614c7b9eb1842c004a248504e35ae

  • SSDEEP

    384:AtWZPzzxAm1vS5ZooqYEWx0noBeuBbkblJmOy5o91s2h7Vpy82vZ:17zxAmOS/Y70nWeu1Xho9lhxg82R

  Score

  10^/10

  chaosdefense_evasionevasionexecutionimpactpersistenceransomwarespywarestealer

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos

  • Chaos Ransomware

  • Chaos family

    chaos

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Disables Task Manager via registry modification

    defense_evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2