General

  • Target

    74c9c570b7b1b383e0f5a266f0f7e17c1336f99e2df28e8be76f7d358c34d707

  • Size

    5.0MB

  • Sample

    220701-ghfwcsgcd5

  • MD5

    da480470e229f27bb2632ade91b37300

  • SHA1

    7da6b9048707adf18c997bcaec32d6bebc5580fb

  • SHA256

    74c9c570b7b1b383e0f5a266f0f7e17c1336f99e2df28e8be76f7d358c34d707

  • SHA512

    a39fba8d3b45345ed54dda14acecdbe815af7261eeabb7bd53ec321d31c0d1ad7a2d0e6e67c7596fbad9bc921c65f2635ec1dfb00805768124a2b17dd7c22d2d

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • suricata: ET MALWARE Known Sinkhole Response Kryptos Logic

    • suricata: ET MALWARE W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1

    • Contacts a large (830) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery (1)

    Network Service Scanning (T1046)

Tasks