General
- Target: 2025-06-05_f54ad0af3a7ac313eba92cff988935f0_elex_wannacry
- Size: 131KB
- Sample: 250605-ma85tsvzhz
- MD5: f54ad0af3a7ac313eba92cff988935f0
- SHA1: bf27c55fa50e18570a15236f576052228d902471
- SHA256: 7df745812fe39642d8851c953638f71d11a44c11a607712300d603c9ea4a5bc9
- SHA512: 53c8bfb8bf11cd5b4b4b264fca8b038d1e136e23585dbe1389008e3513453c8ae6b2b7ba62206ae9302190934172f6b9a2d4476a18cd393ea5ec9b46f34cf56c
- SSDEEP: 3072:1o9U+r9oYXxr1mdGvCjqitjfANQYJmxFQKJBj9fpiDMNhVDHJJv:Ar9oyxBmdG1iJ/YJmMChfpiMDpJ
Behavioral task: behavioral1
- Sample: 2025-06-05_f54ad0af3a7ac313eba92cff988935f0_elex_wannacry.exe
- Resource: win10v2004-20250502-en
Behavioral task: behavioral2
- Sample: 2025-06-05_f54ad0af3a7ac313eba92cff988935f0_elex_wannacry.exe
- Resource: win11-20250502-en
Malware Config
Extracted
C:\Users\Admin\Documents\read_it.txt
Targets
- Target: 2025-06-05_f54ad0af3a7ac313eba92cff988935f0_elex_wannacry
- Chaos Ransomware
- Chaos family
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v16
Defense Evasion
- Direct Volume Access (1)
- Indicator Removal (3)
- File Deletion (3)
- Modify Registry (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)