General

  • Target

    2025-06-02_f2293736f134b3d44757a9058bd6f04d_elex_wannacry

  • Size

    1.4MB

  • Sample

    250602-mrx4wsyzey

  • MD5

    f2293736f134b3d44757a9058bd6f04d

  • SHA1

    68bc0a48fa18c9dd179d3832fa9b12d9d85115b7

  • SHA256

    88f43a37ec3e3fe445a057390782e6e60e13f8ae113b88ad673b5d2c875dc95b

  • SHA512

    95c6c888c436e305d9404194983d3c14baca7ea855c95cf993615948b89f16c042f6c8d37695c4db2bc2065439e09bf669c21dcdac7d213880e83e1c098cb072

  • SSDEEP

    24576:slmsQlyAtZlP50mwwuYvwnGszGBMhq+ItlJ:sQQAtZlS5JYvwGshq+

Malware Config

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16

Tasks