wannacry

General

Target

240219-tf7brafh73_pw_infected.zip
Size

3.3MB
Sample

240226-vpvjzsbh8x
MD5

a48e102a737c9c3506a98d766e466195
SHA1

13ce0d69d73a537e7745e47706aab5508f231dde
SHA256

07277482c7598874910acd36595298a91c63ac15986d4caf3b10c85833101336
SHA512

05e57c4d94f45c8c99910e5b802bb20758137bfb8a15b9b18a58f173847b90818b919c6c4c5a9ba7cd6a6991773cd2ce01ba454e56b09f19898ab64435bb6066
SSDEEP

49152:i+c0LBMP9X1iWaaVKd0jbkQy1uycb+xyIN+2kH+IRHVoAicMRD9zJthV:nBMlg/kKuf4BcbwyMIR1oLhzfhV

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

- Target
  
  240219-tf7brafh73_pw_infected.zip
- Size
  
  3.3MB
- MD5
  
  a48e102a737c9c3506a98d766e466195
- SHA1
  
  13ce0d69d73a537e7745e47706aab5508f231dde
- SHA256
  
  07277482c7598874910acd36595298a91c63ac15986d4caf3b10c85833101336
- SHA512
  
  05e57c4d94f45c8c99910e5b802bb20758137bfb8a15b9b18a58f173847b90818b919c6c4c5a9ba7cd6a6991773cd2ce01ba454e56b09f19898ab64435bb6066
- SSDEEP
  
  49152:i+c0LBMP9X1iWaaVKd0jbkQy1uycb+xyIN+2kH+IRHVoAicMRD9zJthV:nBMlg/kKuf4BcbwyMIR1oLhzfhV
Score

1^/10
behavioral1 behavioral2
- Target
  
  Ransomware.WannaCry.zip
- Size
  
  3.3MB
- MD5
  
  efe76bf09daba2c594d2bc173d9b5cf0
- SHA1
  
  ba5de52939cb809eae10fdbb7fac47095a9599a7
- SHA256
  
  707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
- SHA512
  
  4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029
- SSDEEP
  
  98304:vhvb2BVmAw0p9jIVcEj5nnZNRyA30yBSRT:vhvq7Bu6EZnZN5EyBSN
Score

1^/10
behavioral3 behavioral4
- Target
  
  ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
- Size
  
  3.4MB
- MD5
  
  84c82835a5d21bbcf75a61706d8ab549
- SHA1
  
  5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
- SHA256
  
  ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
- SHA512
  
  90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
- SSDEEP
  
  98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB
Score

10^/10

wannacry discovery persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral5 behavioral6