General
-
Target
2025-06-03_c9c3762d95a3c16e590e5d1c7504d273_destroyer_elex_wannacry
-
Size
43KB
-
Sample
250603-h3b9ca1rs3
-
MD5
c9c3762d95a3c16e590e5d1c7504d273
-
SHA1
bbe6de243bdf3f64d32b2adb46d2c698408e3825
-
SHA256
561f6a1b64e93a36d1b13df595fb20d611e57ba4f7f22703b2a87f46c6939919
-
SHA512
a7ed0606762f9536453c11c89d5b15f885cddcffdb10aa98a605bd0f16eed7a9da0af95233c185141774d0f062412fd0e6b9948f2c4b0e6bd5e5e3ecd4b445c8
-
SSDEEP
768:oJCRKcMJiqt9rKtazqyslumOoqaz5CJ5Zua06U1:CdXt9rKtazqyslpOF+q5w6c
Behavioral task
behavioral1
Sample
2025-06-03_c9c3762d95a3c16e590e5d1c7504d273_destroyer_elex_wannacry.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
2025-06-03_c9c3762d95a3c16e590e5d1c7504d273_destroyer_elex_wannacry.exe
Resource
win11-20250502-en
Malware Config
Targets
-
Target
2025-06-03_c9c3762d95a3c16e590e5d1c7504d273_destroyer_elex_wannacry
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Direct Volume Access (1)
Indicator Removal (3)
File Deletion (3)
Modify Registry (2)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)