General
-
Target
2025-03-17_ffdfb4889a8af7fee5c0d60731b3ff1b_wannacry
-
Size
9.1MB
-
Sample
250317-yrn2rsxvgt
-
MD5
ffdfb4889a8af7fee5c0d60731b3ff1b
-
SHA1
5e968b7cf87b36bf705882fb13e4774ef38f2386
-
SHA256
12cf510444fbe31d26b0d07046827713acff59310a677041d10a38baa5475bb9
-
SHA512
d9f8431cfe9e9999d1ac9957c99b18b45d38af2af612fe32b4c4573468e829b67619083e5b5f777ac2284131b38c0df973501138bb56b5e553303eb78ccc1073
-
SSDEEP
6144:ar9SUF0Gbetbpf5+hoIFZ/vNmjLPVwYpE/LpbueRsdxIh7m5hfLPeov23vWENOSe:U7yw2
Behavioral task
behavioral1
Sample
2025-03-17_ffdfb4889a8af7fee5c0d60731b3ff1b_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-03-17_ffdfb4889a8af7fee5c0d60731b3ff1b_wannacry.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
C:\Users\Admin\Desktop\READ ME.txt
http://gandcrabmfe6mnef.onion/34afc7c684c32ae3
Targets
-
Target
2025-03-17_ffdfb4889a8af7fee5c0d60731b3ff1b_wannacry
-
Score
10/10
-
Chaos Ransomware
-
Chaos family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-