General
Target: 289fb0815a35d88e4e716881561d8d83
Size: 3.5MB
Sample: 200622-fw6t4g8yn6
MD5: 289fb0815a35d88e4e716881561d8d83
SHA1: bfa1b4d8f331d0f226f45e55fba1ea1908c795b9
SHA256: 3dc6191c1255cfbaf94461e9a44f5b698c5563bbf846c94c4edd343828943a1e
SHA512: 2e3c5c808dc7fcec26352645f14c2542cf363a0ab964477e277668c18ae36505f1a1bdeea25aea4c5c2dbee26dd06b92d81abfefc1e1d70e81e18636f8f46601
Static task: static1
Behavioral task: behavioral1
Sample: 289fb0815a35d88e4e716881561d8d83.exe
Resource: win7
Behavioral task: behavioral2
Sample: 289fb0815a35d88e4e716881561d8d83.exe
Resource: win10
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target: 289fb0815a35d88e4e716881561d8d83
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Modifies service
- Sets desktop wallpaper using registry