General
-
Target
2025-06-02_f2293736f134b3d44757a9058bd6f04d_elex_wannacry
-
Size
1.4MB
-
Sample
250602-mrx4wsyzey
-
MD5
f2293736f134b3d44757a9058bd6f04d
-
SHA1
68bc0a48fa18c9dd179d3832fa9b12d9d85115b7
-
SHA256
88f43a37ec3e3fe445a057390782e6e60e13f8ae113b88ad673b5d2c875dc95b
-
SHA512
95c6c888c436e305d9404194983d3c14baca7ea855c95cf993615948b89f16c042f6c8d37695c4db2bc2065439e09bf669c21dcdac7d213880e83e1c098cb072
-
SSDEEP
24576:slmsQlyAtZlP50mwwuYvwnGszGBMhq+ItlJ:sQQAtZlS5JYvwGshq+
Behavioral task
behavioral1
Sample
2025-06-02_f2293736f134b3d44757a9058bd6f04d_elex_wannacry.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-06-02_f2293736f134b3d44757a9058bd6f04d_elex_wannacry.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
2025-06-02_f2293736f134b3d44757a9058bd6f04d_elex_wannacry
-
Size
1.4MB
-
MD5
f2293736f134b3d44757a9058bd6f04d
-
SHA1
68bc0a48fa18c9dd179d3832fa9b12d9d85115b7
-
SHA256
88f43a37ec3e3fe445a057390782e6e60e13f8ae113b88ad673b5d2c875dc95b
-
SHA512
95c6c888c436e305d9404194983d3c14baca7ea855c95cf993615948b89f16c042f6c8d37695c4db2bc2065439e09bf669c21dcdac7d213880e83e1c098cb072
-
SSDEEP
24576:slmsQlyAtZlP50mwwuYvwnGszGBMhq+ItlJ:sQQAtZlS5JYvwGshq+
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1