General

  • Target

    66bb0b650bfdf95d6000f97d4bbf0f25

  • Size

    5.0MB

  • Sample

    220720-jbaf4sdfbn

  • MD5

    66bb0b650bfdf95d6000f97d4bbf0f25

  • SHA1

    fcaa64a6708b2a2d5541aff4396099fc0fc369bf

  • SHA256

    0ce349c3dba0d77585320010f0531548729455aaedd56c2ecb9d5fb7bd4d2abc

  • SHA512

    450c39719b90cbe335242381888fc6a4b55f60bebf8bfc4b8b6e19ae84b4cdc3938123e340a3a05065c4ac317d948ab63325204c8a91e2edd7cc27e54359b2b1

Malware Config

Targets

    • Target

      66bb0b650bfdf95d6000f97d4bbf0f25

    • Size

      5.0MB

    • MD5

      66bb0b650bfdf95d6000f97d4bbf0f25

    • SHA1

      fcaa64a6708b2a2d5541aff4396099fc0fc369bf

    • SHA256

      0ce349c3dba0d77585320010f0531548729455aaedd56c2ecb9d5fb7bd4d2abc

    • SHA512

      450c39719b90cbe335242381888fc6a4b55f60bebf8bfc4b8b6e19ae84b4cdc3938123e340a3a05065c4ac317d948ab63325204c8a91e2edd7cc27e54359b2b1

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3328) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1278) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks