General

  • Target

    6cbcc5c7e252ff3489e4dd5b00d36b64

  • Size

    3MB

  • Sample

    220920-t8cb3shddk

  • MD5

    6cbcc5c7e252ff3489e4dd5b00d36b64

  • SHA1

    48435af2b5d2968023a9021b04aa6c4895ddaedf

  • SHA256

    bace69b2e8dadcb678ea0c0e6323075a3cc619d572c3abd34b21ec3608bdfb49

  • SHA512

    89be60e680a81eb2291efa849ad41a315e623089acb44c7e78e86745dd0f8deddd68ee1f4ffdb24019b30bd1310db720de6400c8dd2dd0659c80e3c18c7e86b0

Malware Config

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3178) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1231) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

    • Collection

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Persistence

    • Privilege Escalation