wannacry

General

Target

2023-05-30_779a5772665664149b4d4e06f052d62e_wannacry
Size

3.6MB
Sample

230601-c5p1bscf2y
MD5

779a5772665664149b4d4e06f052d62e
SHA1

8e98f99a276ca0af44c39dd131c6b6167c922469
SHA256

032c0e8bad0a860fc102f7c98ba454a663c7f234b6d7d86bd370a4b49e5e43ff
SHA512

b15b12e40702557940fe379aa29e76d3212f327b4018fcff9d14c5db912695ecfe6090b582b112cfd1c2d1f24df343f36cd5e13031fcfc0d90ab43ed2e09df57
SSDEEP

98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3U:wQqPe1Cxcxk3ZAEUadzR8yc4gE

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

- Target
  
  2023-05-30_779a5772665664149b4d4e06f052d62e_wannacry
- Size
  
  3.6MB
- MD5
  
  779a5772665664149b4d4e06f052d62e
- SHA1
  
  8e98f99a276ca0af44c39dd131c6b6167c922469
- SHA256
  
  032c0e8bad0a860fc102f7c98ba454a663c7f234b6d7d86bd370a4b49e5e43ff
- SHA512
  
  b15b12e40702557940fe379aa29e76d3212f327b4018fcff9d14c5db912695ecfe6090b582b112cfd1c2d1f24df343f36cd5e13031fcfc0d90ab43ed2e09df57
- SSDEEP
  
  98304:wQqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3U:wQqPe1Cxcxk3ZAEUadzR8yc4gE
Score

10^/10

wannacry discovery persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Contacts a large (3199) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Contacts a large (1405) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2