General

  • Target

    Calendar.py

  • Size

    4KB

  • Sample

    240220-acnwfsfh3w

  • MD5

    e4a7733a419020ab5e0c9e2032d276b7

  • SHA1

    0bf5f89612265fef2d75949cf24f3018068fe202

  • SHA256

    09d7ff8937899b1ad5d1757e6d8f416270fa5c7526b07cb226cc2dba839f25a0

  • SHA512

    e9f42fd0dce7b4f2207c32ea39f8f6d33440f596059a4ad494151a5a3e6ec7131f53f257c2d6fcb04ac856727d29d9eb652f0eb87654c216d92f97049e8be727

  • SSDEEP

    96:g9JksScifsM1sH2TuNaZkdniBfukI79t1nxhLagQ/V/:oJbGfswiNaZT2z9HyJ

Malware Config

Targets

    • Target

      Calendar.py

    • Size

      4KB

    • MD5

      e4a7733a419020ab5e0c9e2032d276b7

    • SHA1

      0bf5f89612265fef2d75949cf24f3018068fe202

    • SHA256

      09d7ff8937899b1ad5d1757e6d8f416270fa5c7526b07cb226cc2dba839f25a0

    • SHA512

      e9f42fd0dce7b4f2207c32ea39f8f6d33440f596059a4ad494151a5a3e6ec7131f53f257c2d6fcb04ac856727d29d9eb652f0eb87654c216d92f97049e8be727

    • SSDEEP

      96:g9JksScifsM1sH2TuNaZkdniBfukI79t1nxhLagQ/V/:oJbGfswiNaZT2z9HyJ

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks