Overview

overview

10

Static

static

1

BonziBUDDY!!!!!!.txt

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    BonziBUDDY!!!!!!.txt

  • Size

    58B

  • Sample

    240305-rxd1esha3y

  • MD5

    804161c9689a11073cb06c6efb14df48

  • SHA1

    116c59bb54d5a46ec5b01d1d46864e4e73436c37

  • SHA256

    75af24573f8e21f6f34e6ad1b6e25ae91dd6cc2ba97ad10e119354adccff1e59

  • SHA512

    2aae2ee83aa598adbac09c5b02fb13c41d4191b71395b93a29aa05b88e2f92a5e02b63aef130a0c6cecf82559d155339cd7612c73624aa12486c666d7320617b

Score
10/10
wannacrypersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �
Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Targets

    • Target

      BonziBUDDY!!!!!!.txt

    • Size

      58B

    • MD5

      804161c9689a11073cb06c6efb14df48

    • SHA1

      116c59bb54d5a46ec5b01d1d46864e4e73436c37

    • SHA256

      75af24573f8e21f6f34e6ad1b6e25ae91dd6cc2ba97ad10e119354adccff1e59

    • SHA512

      2aae2ee83aa598adbac09c5b02fb13c41d4191b71395b93a29aa05b88e2f92a5e02b63aef130a0c6cecf82559d155339cd7612c73624aa12486c666d7320617b

    Score
    10/10
    wannacrypersistenceransomwarespywarestealerworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks