General
-
Target
Malware-database-main.zip
-
Size
18.8MB
-
Sample
230608-mmn1esec68
-
MD5
dc0dd21c96ee6150fd7113a2ff66ae26
-
SHA1
173b2d647e31d7c520c462a4a162183937c00070
-
SHA256
82e34351115b01948c0ed5ba16337e6ddd3f519a0b6f681061fd5f50f95fda46
-
SHA512
16de438badf6523633668e6ad5d07cbed2f3b18175d54c26dfdeca4df255c0b4da63ad3b4a2ce3f12ea6fb7c85fe1bd92ce203c48c8d039cb7fcd272ed35cf11
-
SSDEEP
393216:OkwMafXDkKz600Y34smZkNV2K/b55GgJP9r+yNyvV/tQfCNIJ1w3vlB3ihXxbA:9LElZIkNV2I2gBk/tICNIJu3vlMfbA
Malware Config
Extracted
C:\Users\Admin\Documents\!Please Read Me!.txt
wannacry
15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1
Targets
-
-
Target
Malware-database-main/000.exe
-
Size
6.7MB
-
MD5
f2b7074e1543720a9a98fda660e02688
-
SHA1
1029492c1a12789d8af78d54adcb921e24b9e5ca
-
SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
-
SHA512
73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
-
SSDEEP
3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9
Score8/10-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies WinLogon
-
Sets desktop wallpaper using registry
-
-
-
Target
Malware-database-main/ChilledWindows.exe
-
Size
4.4MB
-
MD5
6a4853cd0584dc90067e15afb43c4962
-
SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc
-
SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec
-
SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996
-
SSDEEP
98304:XyDt6K4MJVnjOobt/JN1LA5elHc+S4fRp5UvluKo:XyDtK8bbxn+IHcBEV/F
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Malware-database-main/Christmas.exe
-
Size
482KB
-
MD5
c35aa97962c4132ef87768d6e7e4faea
-
SHA1
bb696ec7709f94067bc0cea5d53432f7f60667e3
-
SHA256
cb7c01aa6b8d1f7fa7131d6444a220cedf0c51102c127a13a4313e4249b1f88e
-
SHA512
21d838c035b958f1e92aef0c6591d9631215f088bd96653a9d15b4293fdaab2d1b404c0f0e38f14eba3d69099dc07fc5191caa89f49aba956674e7f9b461450c
-
SSDEEP
6144:s68WiSoFDCIIH9rTmoSoaTxxsVW9rmdA1h3UeJsFtusIP3q7bNB+Xrge138ahLWk:CWiSoF2dN0KcPJsJ0ObNB+rKaVW+Is9
Score6/10-
Adds Run key to start application
-
-
-
Target
Malware-database-main/CookieClickerHack.exe
-
Size
68KB
-
MD5
bc1e7d033a999c4fd006109c24599f4d
-
SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec
-
SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401
-
SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276
-
SSDEEP
768:bhU+D/no2u+6JaAcNRFJ67Pn975JqiG6BwUqdVBF+G2JOnCC6G2JOtCCm:bhjDIrU0h5Jqi7qzb2ICCb26CCm
Score1/10 -
-
-
Target
Malware-database-main/Electron V2.exe
-
Size
39KB
-
MD5
b1228ba24ca5f75f8df9d5d177e5bb2b
-
SHA1
1895758de51ccfefa40239aa11055540c8c5deb7
-
SHA256
04b106b179c202c67361aa4debad5d82f79a1927ab0ab8abc2ef350d18894b08
-
SHA512
7abc1df0089a1a00aadc11c33eecffb5d85258acc4eac0b261ceaea77e814eaf671506383fe0074fd5779b8bc58e0f48f0d15309aa81aecf27ecc6633da4c5a4
-
SSDEEP
768:hqo2khp1DlNjwQr9KWO4TOpkx7u/LraCvpbMC2mkek:ko2kFpNjwQr9KWODkx74L2CNf5k
Score10/10-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
-
-
Target
Malware-database-main/Flasher.exe
-
Size
246KB
-
MD5
9254ca1da9ff8ad492ca5fa06ca181c6
-
SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90
-
SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
-
SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a
-
SSDEEP
6144:/85Z+Y97t0Kc0Nd5bHzvvj/R87Z3BxonZ:/8vd2KxNPjs3gZ
Score1/10 -
-
-
Target
Malware-database-main/MEMZ Trojan.exe
-
Size
12KB
-
MD5
9c642c5b111ee85a6bccffc7af896a51
-
SHA1
eca8571b994fd40e2018f48c214fab6472a98bab
-
SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
-
SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
-
SSDEEP
192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa
Score1/10 -
-
-
Target
Malware-database-main/Popup.exe
-
Size
373KB
-
MD5
9c3e9e30d51489a891513e8a14d931e4
-
SHA1
4e5a5898389eef8f464dee04a74f3b5c217b7176
-
SHA256
f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8
-
SHA512
bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7
-
SSDEEP
6144:yN6MLNACl/+9EhE/jIxlOaNpA7tRzXBWRiB6nlbKsgP5o24a4pF0ghqbjY:Kh29IEUxhiHWRIglbKsgRokTghf
Score1/10 -
-
-
Target
Malware-database-main/PowerPoint.exe
-
Size
136KB
-
MD5
70108103a53123201ceb2e921fcfe83c
-
SHA1
c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3
-
SHA256
9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d
-
SHA512
996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b
-
SSDEEP
1536:3VrdxBvcGdDHHtWv8udA1JYREgJ/qEOpsChnU4V1lyqHv4vAmOG9HSDKRppppp5B:1H5D0dSgo7ppTV1lyqPOAmOG9HSOD
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
Malware-database-main/RedEye.exe
-
Size
10.6MB
-
MD5
e9e5596b42f209cc058b55edc2737a80
-
SHA1
f30232697b3f54e58af08421da697262c99ec48b
-
SHA256
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305
-
SHA512
e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7
-
SSDEEP
196608:+ahZ5qN3wvdJBiAv1hXx7jeeDt9/wGoyIu+sTvDmQONhL/LslAVyq8rZyA+TXtT4:+w6NAvPAA/Xx3eeDtTD+GDONhL/AlAV8
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables use of System Restore points
-
Modifies Windows Firewall
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Sets desktop wallpaper using registry
-
-
-
Target
Malware-database-main/WannaCry.exe
-
Size
224KB
-
MD5
5c7fb0927db37372da25f270708103a2
-
SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29
-
SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
-
SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206
-
SSDEEP
3072:Y059femWRwTs/dbelj0X8/j84pcRXPlU3Upt3or4H84lK8PtpLzLsR/EfcZ:+5RwTs/dSXj84mRXPemxdBlPvLzLeZ
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
-
-
Target
Malware-database-main/butterflyondesktop.exe
-
Size
2.8MB
-
MD5
1535aa21451192109b86be9bcc7c4345
-
SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c
-
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
-
SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
SSDEEP
49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
MITRE ATT&CK Matrix ATT&CK v6
Persistence
Winlogon Helper DLL
1Registry Run Keys / Startup Folder
4Bootkit
1Modify Existing Service
2Defense Evasion
Modify Registry
12Disabling Security Tools
2Bypass User Account Control
1File Deletion
4