Overview

overview

10

Static

static

10

2025-03-17...ry.exe

windows7-x64

10

2025-03-17...ry.exe

windows10-2004-x64

10

Resubmissions

25/03/2025, 13:33

250325-qtmbyszqs8 10

25/03/2025, 13:28

250325-qqrr9swyhv 10

17/03/2025, 17:07

250317-vm97navxdt 10

17/03/2025, 16:33

250317-t2ll6svsdv 10

17/03/2025, 16:01

250317-tge9natxcw 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-17_fa88e518bfa73401b06f46344fd7f50f_destroyer_wannacry

  • Size

    25KB

  • Sample

    250325-qtmbyszqs8

  • MD5

    fa88e518bfa73401b06f46344fd7f50f

  • SHA1

    113b0427a8068ee83b5367ba400b8d900ef37d51

  • SHA256

    436a860b7cf33a894940080dba3c9de6b3fc3a619f657915aecc22ea6c1de01f

  • SHA512

    cc1a7cce176861b73dc38463090ad6b487284cd76aac91543be74ae7ac2ff469e05a1555145fb3529b9b33ca2cabb442478df5384ddf4fb036ca89f07694a0d4

  • SSDEEP

    384:jYenjLLAwELM4Nuzb/3m3D4OIp91L5U1mbgyydxDGH:KwELMbXn941Ly+xDI

Score
10/10
chaosransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\read_it.txt

Ransom Note
Your computer has been permanently locked. You need to contact us to unlock your computer. How to get decryption services, you need to pay a ransom. Contact me by email. [email protected] You only need to pay me $500 and I will unencrypt your computer files for you, otherwise you will never be able to recover your computer data. -------------------------------------------------------------------------------------------------------------------------------------------------------------- 您的计算机已被永久锁定。你需要联系我们解锁你的电脑。 如何获得解密服务,你需要支付赎金。用电子邮件联系我。[email protected] 你只需要付我500美元,我就会为你解密你的电脑文件,否则你将永远无法恢复你的电脑数据。
Emails

[email protected]

如何获得解密服务,你需要支付赎金。用电子邮件联系我。[email protected]

Targets

    • Target

      2025-03-17_fa88e518bfa73401b06f46344fd7f50f_destroyer_wannacry

    • Size

      25KB

    • MD5

      fa88e518bfa73401b06f46344fd7f50f

    • SHA1

      113b0427a8068ee83b5367ba400b8d900ef37d51

    • SHA256

      436a860b7cf33a894940080dba3c9de6b3fc3a619f657915aecc22ea6c1de01f

    • SHA512

      cc1a7cce176861b73dc38463090ad6b487284cd76aac91543be74ae7ac2ff469e05a1555145fb3529b9b33ca2cabb442478df5384ddf4fb036ca89f07694a0d4

    • SSDEEP

      384:jYenjLLAwELM4Nuzb/3m3D4OIp91L5U1mbgyydxDGH:KwELMbXn941Ly+xDI

    Score
    10/10
    chaosransomwarespywarestealer

    • Chaos

      Ransomware family first seen in June 2021.

      ransomwarechaos

    • Chaos Ransomware

    • Chaos family

      chaos

    • Renames multiple (190) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks