General

  • Target

    2025-03-13_79bc52fbe4be7638d393ae7e3e185ea5_wannacry

  • Size

    103KB

  • Sample

    250313-mnllpazzaz

  • MD5

    79bc52fbe4be7638d393ae7e3e185ea5

  • SHA1

    4e402d19196a444fb78f3597a3cb06bd39aee262

  • SHA256

    d9b2d86086d39cc3edab32a2320b3579c84ee5f67227ca7b16fd1a8cd72d09aa

  • SHA512

    768047ebc60b722a98587c050849a4cf238076220c49ef39d52a3fac3cf60ea4cdec627714df84b744b03a36a48fa29422f7fbff7bf564b4d8bb0cf4c505361c

  • SSDEEP

    1536:WNc9pooe6gq9Whz7mEglaXi2OPTOlkBysc1XDoCaJZUHDrGjy4JHjvET06d:xM6gq9WlybAi2CO6vc1IHUHPhgEd

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15