General
-
Target
2025-02-01_aca8806bba5c35c898f430b485cc52f7_destroyer_wannacry
-
Size
27KB
-
Sample
250201-y7pm8synfz
-
MD5
aca8806bba5c35c898f430b485cc52f7
-
SHA1
c16b16c59aae7b4c460a42478aecfd0612b6178f
-
SHA256
ccf5526630d3e73ac6d41b6c57f01a07013100b7f2bcb9b96c7a9c275a9c9c0a
-
SHA512
179fa0119d743ad3fab011e22d7119c4da1c1a2147f7067da69b1a0762d45d6716bbbedef5d0ed9959db2e24d4de2c4c489c816a88baf6c2e38116480c8a7459
-
SSDEEP
384:VtWZPzzxAm1vw5OPB5n8N7dIaPVfwMWBi3slQOy5o91QpR1M682v/:c7zxAmAOPMZfwMDBho961L82H
Malware Config
Targets
-
-
Target
2025-02-01_aca8806bba5c35c898f430b485cc52f7_destroyer_wannacry
-
Size
27KB
-
MD5
aca8806bba5c35c898f430b485cc52f7
-
SHA1
c16b16c59aae7b4c460a42478aecfd0612b6178f
-
SHA256
ccf5526630d3e73ac6d41b6c57f01a07013100b7f2bcb9b96c7a9c275a9c9c0a
-
SHA512
179fa0119d743ad3fab011e22d7119c4da1c1a2147f7067da69b1a0762d45d6716bbbedef5d0ed9959db2e24d4de2c4c489c816a88baf6c2e38116480c8a7459
-
SSDEEP
384:VtWZPzzxAm1vw5OPB5n8N7dIaPVfwMWBi3slQOy5o91QpR1M682v/:c7zxAmAOPMZfwMDBho961L82H
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1