General

  • Target

    c6ab2ae000b489854095e1cbc87e81835dea0075bc2d7830be8ec1196aeaa658.exe

  • Size

    3MB

  • Sample

    221010-s8rw4acdg3

  • MD5

    994f6f533bcadd1f28846ce4798da093

  • SHA1

    cc02bc9c00e147ff9c7937fdf69ceb409b921791

  • SHA256

    c6ab2ae000b489854095e1cbc87e81835dea0075bc2d7830be8ec1196aeaa658

  • SHA512

    a54c4b2da963455eefabf4ebd753d6d7b1e119a5820afe5e1053ba0b8d7f9395ef11f3b26d7c801fc75f50169de7b68910decaba8b7f1c0e8b75632f375dd9d8

  • SSDEEP

    24576:2bLgdri2QhfdmMSirYbcMNgef0QeQFAMEcpcL7nEaut:2nWQqMSPbcBVQewAMEcaEau

Malware Config

Targets

    • Target

      c6ab2ae000b489854095e1cbc87e81835dea0075bc2d7830be8ec1196aeaa658.exe

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3286) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (988) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks