General
-
Target
2025-03-13_575da76dd86fb455c2a1c0c0f5f040af_chaos_destroyer_wannacry
-
Size
24KB
-
Sample
250313-ja322ay1cv
-
MD5
575da76dd86fb455c2a1c0c0f5f040af
-
SHA1
50aa9bfc89a248c75039d7b901bfd125e5a3693e
-
SHA256
b8b8e5b340c6a689a3e155f7ccc494913af6bdd4562d78fe625e034f2c3ba843
-
SHA512
da4f02c8176d6909ab4e4f9d2ddf57e29cbe1ab4a2caf45ae9871dc0ed312a97d46b5e92a01eec01cba2b0c4a4b9715839ddb9eb34e2cb9a269b4fa5db82345e
-
SSDEEP
384:+n+mhVbzo4j3rPOCLTAE9efa8blFQBeJMS7Fb4hN5F:Nsk47rvB9e/bBuS7Fb4NX
Static task
static1
Behavioral task
behavioral1
Sample
2025-03-13_575da76dd86fb455c2a1c0c0f5f040af_chaos_destroyer_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-03-13_575da76dd86fb455c2a1c0c0f5f040af_chaos_destroyer_wannacry.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt
chaos
Targets
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-