General
-
Target
364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db
-
Size
5.0MB
-
Sample
220626-dj6avsged3
-
MD5
d454cf8158b1432c4c9f508d09f4276f
-
SHA1
18bec73433069e332cb776c0c72f49b0a6022318
-
SHA256
364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db
-
SHA512
7163ef196d4282da8ccc66ccde796b5216cd19dcfe526fd675c35a822035a3d93e49de2583b6656aad39c08fae2d6e60a8b28bb6d15c1d2cbd2e5b499a11837a
Malware Config
Targets
-
-
Target
364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db
-
Size
5.0MB
-
MD5
d454cf8158b1432c4c9f508d09f4276f
-
SHA1
18bec73433069e332cb776c0c72f49b0a6022318
-
SHA256
364765063f9d485bdc767450c15bb74c9d619a1de8614232049f6e359b7ec7db
-
SHA512
7163ef196d4282da8ccc66ccde796b5216cd19dcfe526fd675c35a822035a3d93e49de2583b6656aad39c08fae2d6e60a8b28bb6d15c1d2cbd2e5b499a11837a
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
suricata: ET MALWARE Known Sinkhole Response Kryptos Logic
-
suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
-
Contacts a large (2884) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (796) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-