General
-
Target
2025-06-05_b899ab954eed7be4704772810c5e25c9_chaos_destroyer_elex_wannacry
-
Size
23KB
-
Sample
250605-hay8eabm6x
-
MD5
b899ab954eed7be4704772810c5e25c9
-
SHA1
44ac0d11e098dd86fed7913ca162995f1d04d296
-
SHA256
7a1a1da76c9953988f72d617c5856f423a2d7f08f68b6b535f618f3961694aab
-
SHA512
741628be9f0a3236373cc068dbaee56adfdcca4d8aff487b69f3042197bc5af52d705ab3fc18848a5fa612e44779a0df9290c3ba8aa2165f92df4650a493f4b1
-
SSDEEP
384:33MLWHn3kI3fhmMUE8M879pEwR1J6r91Cz8b5reWE:Dn3kIJ8E8MspEIz6r9i8bteB
Behavioral task
behavioral1
Sample
2025-06-05_b899ab954eed7be4704772810c5e25c9_chaos_destroyer_elex_wannacry.exe
Resource
win10v2004-20250502-en
Malware Config
Extracted
C:\Users\Admin\Desktop\read_it.txt
chaos
Targets
-
Target
2025-06-05_b899ab954eed7be4704772810c5e25c9_chaos_destroyer_elex_wannacry
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-