General

  • Target

    364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db

  • Size

    5.0MB

  • Sample

    220626-dj6avsged3

  • MD5

    d454cf8158b1432c4c9f508d09f4276f

  • SHA1

    18bec73433069e332cb776c0c72f49b0a6022318

  • SHA256

    364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db

  • SHA512

    7163ef196d4282da8ccc66ccde796b5216cd19dcfe526fd675c35a822035a3d93e49de2583b6656aad39c08fae2d6e60a8b28bb6d15c1d2cbd2e5b499a11837a

Malware Config

Targets

    • Target

      364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db

    • Size

      5.0MB

    • MD5

      d454cf8158b1432c4c9f508d09f4276f

    • SHA1

      18bec73433069e332cb776c0c72f49b0a6022318

    • SHA256

      364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db

    • SHA512

      7163ef196d4282da8ccc66ccde796b5216cd19dcfe526fd675c35a822035a3d93e49de2583b6656aad39c08fae2d6e60a8b28bb6d15c1d2cbd2e5b499a11837a

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • suricata: ET MALWARE Known Sinkhole Response Kryptos Logic

    • suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

    • Contacts a large number (2884) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large number (796) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Network Service Scanning (T1046): 3

Tasks