General

  • Target

    3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8

  • Size

    5.0MB

  • Sample

    220625-nkeveacef8

  • MD5

    fd7c451d538bde5e7f4c44f9adcd9f20

  • SHA1

    52bca09f35d9c23bd96d5bbad1fd5e06a245190f

  • SHA256

    3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8

  • SHA512

    fd2926b03f3680d2f9f05ed209c617f7e00069ee451e4bc2c1233dcf6d62f4f6bc414d3cd390fa9d66e814e1ab4364fa20ae0a58a4d496df7c07b250b43bcb0f

Malware Config

Targets

    • Target

      3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8

    • Size

      5.0MB

    • MD5

      fd7c451d538bde5e7f4c44f9adcd9f20

    • SHA1

      52bca09f35d9c23bd96d5bbad1fd5e06a245190f

    • SHA256

      3950179ee45f03af2d6c1130d0db04ad3441c2befc7fb5a28460d5fc45f1beb8

    • SHA512

      fd2926b03f3680d2f9f05ed209c617f7e00069ee451e4bc2c1233dcf6d62f4f6bc414d3cd390fa9d66e814e1ab4364fa20ae0a58a4d496df7c07b250b43bcb0f

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • suricata: ET MALWARE Known Sinkhole Response Kryptos Logic

      suricata: ET MALWARE Known Sinkhole Response Kryptos Logic

    • suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

      suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

    • Contacts a large (1205) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Network Service Scanning

1
T1046

Tasks