General

  • Target

    2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry

  • Size

    3.4MB

  • Sample

    250313-xn4glszxaz

  • MD5

    4747e7b2953fb48716d483cfb0dfb6ed

  • SHA1

    fd2fa5a1e60f87de718b44223b97dc5f26e74292

  • SHA256

    002e3410e26547fa153aa13ccf762055778a200f8cf8bfb2386919f102bfaba7

  • SHA512

    8eafcfe0baa42d7ce4d98fa736a9655c69b2ac17fc2cf60d77ac801cbe1aadfa84378ee892f19b086832eab497a854987483c02b9819217e7b1b07bfd3c7242e

  • SSDEEP

    24576:0+3GXaMGYuIDYymlZlWnuVqVZ8ocZlhobsH8X56pbygqCvwsBOGVGXJeUHtFUKHu:VWnK9V4ITfVVvwYJKHF5

Malware Config

Targets

    • Target

      2025-03-13_4747e7b2953fb48716d483cfb0dfb6ed_wannacry

    • Chaos

      Ransomware family first seen in June 2021. The "wannacry" in the submitted filename is only the submitter's label; the behavioural signatures below are what classify this sample as Chaos.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Removes Volume Shadow Copies (typically via vssadmin or WMI) so encrypted files cannot be restored from previous versions; ransomware does this to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

      Typically used by ransomware to turn off Windows recovery and boot-failure repair so the machine cannot be restored from the recovery environment.

    • Deletes backup catalog

      Uses wbadmin.exe to delete the Windows Backup catalog, so existing backups can no longer be enumerated or restored through Windows Backup; a further step to inhibit system recovery.

    • Checks computer location settings

      Reads the country/region code configured in the registry, most likely as a geofence so the payload does not run on machines in particular locales.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers target stored browser data (saved credentials, cookies, history). For a ransomware sample this signature may also fire simply because browser profile directories are enumerated ahead of encryption; the signature alone does not distinguish the two.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      Writes the Wallpaper value under HKCU\Control Panel\Desktop, the usual way ransomware puts its ransom note on the desktop.
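
The three recovery-inhibition signatures above (shadow copy deletion, bcdedit changes, backup catalog deletion) are what a detection engineer would hunt for in process-creation telemetry. The following is an added example, not part of this report and not code from the sample: it runs command-line rules over constructed Sysmon-style process-creation records and alerts when one parent process triggers several of them, which separates a ransomware run from an administrator clearing a single shadow copy. The sample records, the parent path `payload.exe` and the exact command lines are assumptions illustrating the behaviours the report names, not data extracted from this sample.

```python
import re
from collections import defaultdict

# One rule per recovery-inhibition command. The technique ID is ATT&CK
# Enterprise T1490 (Inhibit System Recovery) for all of them.
RULES = [
    ("vssadmin_delete_shadows", "T1490",
     re.compile(r"\bvssadmin(?:\.exe)?\s.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", "T1490",
     re.compile(r"\bwmic(?:\.exe)?\s.*\bshadowcopy\s+delete\b", re.I)),
    ("bcdedit_recoveryenabled_no", "T1490",
     re.compile(r"\bbcdedit(?:\.exe)?\s.*\brecoveryenabled\s+no\b", re.I)),
    ("bcdedit_bootstatuspolicy_ignore", "T1490",
     re.compile(r"\bbcdedit(?:\.exe)?\s.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I)),
    ("wbadmin_delete_catalog", "T1490",
     re.compile(r"\bwbadmin(?:\.exe)?\s.*\bdelete\s+catalog\b", re.I)),
]

# Constructed process-creation records shaped like Sysmon Event ID 1, flattened
# to key=value pairs. The parent path payload.exe and every command line are
# assumptions for this example, not telemetry captured from the sample above.
SAMPLE_EVENTS = [
    "UtcTime=2025-03-13 10:01:02|ParentImage=C:\\Users\\victim\\AppData\\Roaming\\payload.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete",
    "UtcTime=2025-03-13 10:01:03|ParentImage=C:\\Users\\victim\\AppData\\Roaming\\payload.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures"
    " & bcdedit /set {default} recoveryenabled no",
    "UtcTime=2025-03-13 10:01:04|ParentImage=C:\\Users\\victim\\AppData\\Roaming\\payload.exe"
    "|Image=C:\\Windows\\System32\\cmd.exe"
    "|CommandLine=cmd.exe /c wbadmin delete catalog -quiet",
    # Benign admin activity: listing shadows from an interactive shell.
    "UtcTime=2025-03-13 11:30:00|ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|Image=C:\\Windows\\System32\\vssadmin.exe|CommandLine=vssadmin list shadows",
    "UtcTime=2025-03-13 12:00:00|ParentImage=C:\\Windows\\explorer.exe"
    "|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe C:\\Users\\victim\\Desktop\\notes.txt",
]


def parse_event(line):
    """Split a 'k=v|k=v' record into a dict. Values (notably CommandLine) may
    themselves contain '=', so each pair is split on the first '=' only."""
    fields = {}
    for pair in line.split("|"):
        key, _, value = pair.partition("=")
        fields[key] = value
    return fields


def match_rules(command_line):
    """Return (rule name, technique) for every rule whose pattern matches.
    A single 'cmd /c a & b' line can legitimately hit several rules."""
    return [(name, tech) for name, tech, pat in RULES if pat.search(command_line)]


def detect(lines, min_distinct_rules=2):
    """Group rule hits by parent process and alert when one parent has
    triggered at least min_distinct_rules different rules. One shadow-copy
    deletion can be routine maintenance; several distinct ways of killing
    recovery from the same parent is the ransomware pattern. A production
    rule would also bound this by a time window; here all records are one batch."""
    hits_by_parent = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        for name, _technique in match_rules(ev.get("CommandLine", "")):
            hits_by_parent[ev.get("ParentImage", "<unknown>")].add(name)
    alerts = [
        {"parent": parent, "technique": "T1490", "rules": sorted(names)}
        for parent, names in hits_by_parent.items()
        if len(names) >= min_distinct_rules
    ]
    return {p: sorted(n) for p, n in hits_by_parent.items()}, alerts


if __name__ == "__main__":
    hits, alerts = detect(SAMPLE_EVENTS)
    for alert in alerts:
        print(f"[{alert['technique']}] {alert['parent']} -> {', '.join(alert['rules'])}")
```

Run as-is, the benign `vssadmin list shadows` and the notepad launch produce no hits, while the dropped parent process accumulates all five rules and raises one alert. Feeding real Sysmon or 4688 events means replacing `parse_event` with the structured fields your pipeline already provides; the rules and the per-parent aggregation stay the same.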

MITRE ATT&CK Enterprise v15

Tasks