General

  • Target

    f20fb96c126b04600cd54d3093846fef

  • Size

    3MB

  • Sample

    220920-vbml8ahdgp

  • MD5

    f20fb96c126b04600cd54d3093846fef

  • SHA1

    04fade88f8b78f4f8f89c7d1620e5d37e18abebf

  • SHA256

    480f826cdf5a1e7761910ad42b7b2b9b101a47dad550f01f7a030fae83ed8136

  • SHA512

    4d50cc29e517f51dcb34dc0672277afd72f856e5e4cf46f3054ebb97191666ebe319fdf5278b7758a9c1765cac5ed834cb80023333b5fd6e8c7ef562f93df9a7

Malware Config

Targets

    • Target

      f20fb96c126b04600cd54d3093846fef

    • Size

      3MB

    • MD5

      f20fb96c126b04600cd54d3093846fef

    • SHA1

      04fade88f8b78f4f8f89c7d1620e5d37e18abebf

    • SHA256

      480f826cdf5a1e7761910ad42b7b2b9b101a47dad550f01f7a030fae83ed8136

    • SHA512

      4d50cc29e517f51dcb34dc0672277afd72f856e5e4cf46f3054ebb97191666ebe319fdf5278b7758a9c1765cac5ed834cb80023333b5fd6e8c7ef562f93df9a7

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3198) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1274) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation