Overview

overview

10

Static

static

10

2023-02-19...ry.exe

windows7-x64

10

2023-02-19...ry.exe

windows10-2004-x64

10

Resubmissions

23-02-2023 18:39

230223-xazw9sgh45 10

19-02-2023 04:44

230219-fctplaeg27 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2023-02-19_7f97b34a113170d02ff8008c2bbc7745_wannacry.exe

  • Size

    6.0MB

  • Sample

    230219-fctplaeg27

  • MD5

    7f97b34a113170d02ff8008c2bbc7745

  • SHA1

    fe00b8cfc0896d6d23ff3628af8c406a7683d707

  • SHA256

    6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe

  • SHA512

    a899eb8481c02d0c983c7761ca9962ffdea22354cdef6cefeadbdf0ac96d43a54c02ea72e89b8b5c2bdefed38ecdd960a8d267e3fc15545286844baf40ac9e93

  • SSDEEP

    49152:LwLwHt4Ihqew+96PoBjYs5ngToDEZwTFgN+1TtI1VjFF3PBTqJQkYUjeAb3WUpPb:L9fhqezRobVjFyEUqA6Sp+ZIogCxfwis

Score
10/10
blackcatchaosgandcrablegionlockerbackdoorpersistenceransomware

Malware Config

Targets

    • Target

      2023-02-19_7f97b34a113170d02ff8008c2bbc7745_wannacry.exe

    • Size

      6.0MB

    • MD5

      7f97b34a113170d02ff8008c2bbc7745

    • SHA1

      fe00b8cfc0896d6d23ff3628af8c406a7683d707

    • SHA256

      6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe

    • SHA512

      a899eb8481c02d0c983c7761ca9962ffdea22354cdef6cefeadbdf0ac96d43a54c02ea72e89b8b5c2bdefed38ecdd960a8d267e3fc15545286844baf40ac9e93

    • SSDEEP

      49152:LwLwHt4Ihqew+96PoBjYs5ngToDEZwTFgN+1TtI1VjFF3PBTqJQkYUjeAb3WUpPb:L9fhqezRobVjFyEUqA6Sp+ZIogCxfwis

    Score
    10/10
    gandcrabbackdoorpersistenceransomware

    • GandCrab payload

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

      ransomwarebackdoorgandcrab

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks