General
Target: 2025-03-12_19a786543199121b4d00b91ae95a9628_chaos_destroyer_wannacry
Size: 26KB
Sample: 250312-rvcpkss1gw
MD5: 19a786543199121b4d00b91ae95a9628
SHA1: b8598057de34ef4f802df78567a59d8e4c512b2a
SHA256: d2dd462f3d0d296f69b3e2a200e93a197c5a142cdab45a857069ebe48ef920c1
SHA512: 05daf877344d401db35f2ef31c6c4e50390510e2a263e00bc2f0f3f51465adebadf0c51d79fc3655b21c6edb0bbc3ef6141928e98712734951c4a6dd154c38ee
SSDEEP: 384:CwYenjLLAG9rPOBSO2ABmAJFOVp91lmIb5ixDGx:E+rusoc9DmIbYxDm
Behavioral task: behavioral1
Sample: 2025-03-12_19a786543199121b4d00b91ae95a9628_chaos_destroyer_wannacry.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2025-03-12_19a786543199121b4d00b91ae95a9628_chaos_destroyer_wannacry.exe
Resource: win10v2004-20250217-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
Target
2025-03-12_19a786543199121b4d00b91ae95a9628_chaos_destroyer_wannacry
- Chaos Ransomware
- Chaos family
- Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Disables Task Manager via registry modification
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)