General

  • Target

    437bcfcc27e4ba1116f0159dde871bdb

  • Size

    4MB

  • Sample

    220920-vbvmtshdgq

  • MD5

    437bcfcc27e4ba1116f0159dde871bdb

  • SHA1

    6e65905373c3ea527749fc52c219dfc45c76a5cb

  • SHA256

    efa7b9b0cfd862cc6bca151d63cca7e5fd0da0d39ddbc327c6c2b340eb4dbe06

  • SHA512

    3104ab347a641a8489c51989f925a0a0d008801e65ee2dae52c95ef03ad76323342dc574ab50fb51f3263fbdb0d25e9d6b4f5e4ff79c53144a6e879fc0e50211

Malware Config

Targets

    • Target

      437bcfcc27e4ba1116f0159dde871bdb

    • Size

      4MB

    • MD5

      437bcfcc27e4ba1116f0159dde871bdb

    • SHA1

      6e65905373c3ea527749fc52c219dfc45c76a5cb

    • SHA256

      efa7b9b0cfd862cc6bca151d63cca7e5fd0da0d39ddbc327c6c2b340eb4dbe06

    • SHA512

      3104ab347a641a8489c51989f925a0a0d008801e65ee2dae52c95ef03ad76323342dc574ab50fb51f3263fbdb0d25e9d6b4f5e4ff79c53144a6e879fc0e50211

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (2995) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (1259) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation