General

  • Target

    2025-06-02_2873e34d4f371ac4fcbe323c8261ae3d_destroyer_elex_wannacry

  • Size

    92KB

  • Sample

    250602-3f8n9awzfz

  • MD5

    2873e34d4f371ac4fcbe323c8261ae3d

  • SHA1

    08b1429714e5a5a9af7fb9b67aa494c9d604d1df

  • SHA256

    7cf758e793a801d722f721685e2db5057998876bbab154a05fa061ac754565a0

  • SHA512

    cba0b1c7f81fd924e8c6a12be4581ef63c38150f01965436e50917ab6a854296cbf5083a562d3dcd63cfdb4f6e6a88350724995126dcd40848fb9f0950956a54

  • SSDEEP

    1536:Y3kINDgr9SyowM+mphWV7rE2ppAPznb7ietRq3SfUqi2D1WBUVrGnM:Y3kEDgr9SyoDpMV7rh2znb7HyaV8BUVN

Targets

    • Target

      2025-06-02_2873e34d4f371ac4fcbe323c8261ae3d_destroyer_elex_wannacry

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry
