Resubmissions

06-06-2023 12:27

230606-pmta9ade98 10

06-06-2023 12:08

230606-pa9sgaea8s 10

General

  • Target

    test.txt

  • Size

    213.9MB

  • Sample

    230606-pmta9ade98

  • MD5

    68e325573ee02c1c9b8260b6048a3d99

  • SHA1

    18a20cbf2f9b8d91fde86e8796cd3b134527fce2

  • SHA256

    56157187dbe9702708dfe42e95f3d4569349a2868ebf99ebf56e973ec35dc53d

  • SHA512

    4d0b467d089b2e9fd638e36a68bb7c1b4c0cf2efca6fee3eea320b95af2c95eef39b807d3b1315809559f3056765137b6fef660363973d69b9d63d2f64525964

  • SSDEEP

    3072:LsxJJJJJJJJJJJJJJJJJJJJE4JJJJJJJJJJJJJJJJJJJJJY4JJJJJJJJJJJJJJJ6:1

Malware Config

Extracted

Path

C:\Users\Admin\Documents\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions!

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique                       Count  ID
Defense Evasion        File Deletion                   2      T1107
Discovery              Query Registry                  2      T1012
Discovery              System Information Discovery    1      T1082
Command and Control    Web Service                     1      T1102
Impact                 Inhibit System Recovery         2      T1490
