General

  • Target

    2025-03-13_8fa709ffd1ed8ca2682a7b013fde0e53_wannacry

  • Size

    103KB

  • Sample

    250313-mpgdcstjs8

  • MD5

    8fa709ffd1ed8ca2682a7b013fde0e53

  • SHA1

    5a231c2ed922182b25c3b88c88ccece5c95879d5

  • SHA256

    526a87ce682ec831ea656b211dc7d681b0db25cdbcc3972d33fd9f369ff5743f

  • SHA512

    af19e18c965395e8347f67a0d58f14fd144f9057e0b7583256a0a26d5ff8f5baadaa56142c918f4a28796c30efbf20a162952ed2590dc930d0613dc1642e4f40

  • SSDEEP

    1536:WNc9pooe6gq9Whz7mEglaXi2OPTOlkBysc1XDoCaJZUHDrGjy4JHjvET06dS:xM6gq9WlybAi2CO6vc1IHUHPhgEdS

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15
