General

  • Target

    2025-06-03_c9c3762d95a3c16e590e5d1c7504d273_destroyer_elex_wannacry

  • Size

    43KB

  • Sample

    250603-h3b9ca1rs3

  • MD5

    c9c3762d95a3c16e590e5d1c7504d273

  • SHA1

    bbe6de243bdf3f64d32b2adb46d2c698408e3825

  • SHA256

    561f6a1b64e93a36d1b13df595fb20d611e57ba4f7f22703b2a87f46c6939919

  • SHA512

    a7ed0606762f9536453c11c89d5b15f885cddcffdb10aa98a605bd0f16eed7a9da0af95233c185141774d0f062412fd0e6b9948f2c4b0e6bd5e5e3ecd4b445c8

  • SSDEEP

    768:oJCRKcMJiqt9rKtazqyslumOoqaz5CJ5Zua06U1:CdXt9rKtazqyslpOF+q5w6c

Targets

    • Chaos

      Ransomware family first seen in June 2021.

    • Chaos Ransomware

    • Chaos family

    • Deletes shadow copies

      Volume Shadow Copies are a common restore point; ransomware deletes them to inhibit system recovery (ATT&CK T1490).

    • Modifies boot configuration data using bcdedit

      Changing the boot configuration data (for example turning off Windows recovery options) is a further way to inhibit system recovery.

    • Deletes backup catalog

      Uses wbadmin.exe to delete the Windows Backup catalog, so existing backups cannot be found or restored through Windows Backup; another step to inhibit system recovery.

    • Disables Task Manager via registry modification

      Setting the DisableTaskMgr policy value prevents the user from opening Task Manager to end the ransomware process.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

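Detection logic for the recovery-inhibition and persistence behaviours listed above, as an added example that is not part of this report or of the sandbox's own signatures. It assumes Sysmon-style events (event ID 1 process creation with a CommandLine field, event ID 13 registry value set with TargetObject and Details fields) represented as Python dicts. The sample events are constructed to resemble the commands Chaos-family samples are known to run (vssadmin/wmic shadow deletion, bcdedit recoveryenabled no, wbadmin delete catalog, the DisableTaskMgr policy value and a Run key); they are not command lines taken from this report, which does not show them.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str                     # behaviour name as listed in the report
    event_id: int                 # Sysmon event type: 1 = process create, 13 = registry value set
    field: str                    # event field the pattern is matched against
    pattern: re.Pattern
    value_pattern: Optional[re.Pattern] = None  # extra constraint on "Details" (registry data)


RULES = [
    Rule("Deletes shadow copies", 1, "CommandLine",
         re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows|\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    Rule("Modifies boot configuration data using bcdedit", 1, "CommandLine",
         re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+"
                    r"(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    Rule("Deletes backup catalog", 1, "CommandLine",
         re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    Rule("Disables Task Manager via registry modification", 13, "TargetObject",
         re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I),
         re.compile(r"0x0*[1-9a-f]", re.I)),   # only a non-zero DWORD actually disables it
    Rule("Adds Run key to start application", 13, "TargetObject",
         re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
]

# The three behaviours that together map to "inhibit system recovery".
RECOVERY_INHIBITION = {
    "Deletes shadow copies",
    "Modifies boot configuration data using bcdedit",
    "Deletes backup catalog",
}

# Constructed sample events (assumed Sysmon-like field names); not from the report above.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures "
                    "& bcdedit /set {default} recoveryenabled no"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c wbadmin delete catalog -quiet"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",   # admin re-enabling Task Manager: must not fire
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\user\AppData\Roaming\svchost.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",   # benign, must not fire
     "CommandLine": "notepad.exe readme.txt"},
]


def scan(events):
    """Return (rule name, image, matched field value) for every event that trips a rule."""
    hits = []
    for ev in events:
        for rule in RULES:
            if ev.get("EventID") != rule.event_id:
                continue
            value = ev.get(rule.field, "")
            if not rule.pattern.search(value):
                continue
            if rule.value_pattern and not rule.value_pattern.search(ev.get("Details", "")):
                continue
            hits.append((rule.name, ev.get("Image", ""), value))
    return hits


def summarize(hits):
    """Count hits per behaviour name, mirroring the sandbox's signature list."""
    counts = {}
    for name, _, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts


def recovery_inhibited(hits, threshold=2):
    """A lone vssadmin call shows up in legitimate admin scripts; two or more distinct
    recovery-inhibition behaviours from one host is a much stronger ransomware signal."""
    seen = {name for name, _, _ in hits if name in RECOVERY_INHIBITION}
    return len(seen) >= threshold


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for name, image, value in hits:
        print(f"[{name}] {image}: {value}")
    print("recovery inhibited:", recovery_inhibited(hits))
```

The registry rule for Task Manager checks the written data as well as the value name, so a later write of 0 (a user or admin undoing the change) does not count as the behaviour; the recovery check deliberately requires more than one of the three inhibition behaviours before calling the host ransomware-affected.
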
MITRE ATT&CK Enterprise v16

Tasks