General
-
Target
2025-06-30_6521941002a027eda11ddfb5e0bfd070_destroyer_elex_wannacry
-
Size
64KB
-
Sample
250630-zdk9dsgl4x
-
MD5
6521941002a027eda11ddfb5e0bfd070
-
SHA1
c74546be184bae0db27155335ef2b6b8cc1bad0b
-
SHA256
6ffc11d1318fb26a30fed9b77d0b1d44d26c3ad204bccc12828de5952c00ef4e
-
SHA512
b634f1af63e80009a6c4ad012930e68dd9f7c3a743dd8072c491c134ea5f22771534656f0c977edfa88b8a3115299f72af33a3eac38a5e2beba990eb46525f25
-
SSDEEP
768:Aqo213mnplnmjQIr9q+wH/RScoWFqnr64NdUwDD/4SArl/TOGWwePKc:no212DAQIr9qb//oWInrZ3fb187iP
Behavioral task
behavioral1
Sample
2025-06-30_6521941002a027eda11ddfb5e0bfd070_destroyer_elex_wannacry.exe
Resource
win10v2004-20250610-en
Malware Config
Extracted
C:\Users\Admin\Documents\PREDATOR V0.0.9 PRO EDITION
1PUoQp1FWW8Yv6AXdrd7sLN6rcnUmJG1Q4
Targets
-
-
Target
2025-06-30_6521941002a027eda11ddfb5e0bfd070_destroyer_elex_wannacry
-
Size
64KB
-
MD5
6521941002a027eda11ddfb5e0bfd070
-
SHA1
c74546be184bae0db27155335ef2b6b8cc1bad0b
-
SHA256
6ffc11d1318fb26a30fed9b77d0b1d44d26c3ad204bccc12828de5952c00ef4e
-
SHA512
b634f1af63e80009a6c4ad012930e68dd9f7c3a743dd8072c491c134ea5f22771534656f0c977edfa88b8a3115299f72af33a3eac38a5e2beba990eb46525f25
-
SSDEEP
768:Aqo213mnplnmjQIr9q+wH/RScoWFqnr64NdUwDD/4SArl/TOGWwePKc:no212DAQIr9qb//oWInrZ3fb187iP
-
Chaos Ransomware
-
Chaos family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Direct Volume Access
1Indicator Removal
3File Deletion
3Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1