Extracted

• • Target

    Nitr0-G3n3rat0r.exe

  • Size

    23.8MB

  • MD5

    f04a56628a19894bd9c0403757656f79

  • SHA1

    1c4d8f4c61297d9128c5922b097c9a1619dea695

  • SHA256

    5698d21c2b45070e70349fd8c7358afcab0d36fdd5bac0a1f8174a1dd6d311b2

  • SHA512

    8f03e5b400d54a7569eaa6fffb408692cd35bdb498ce0b735cd4b49d6abcebed90e61c9246987abafbd30124b417db54f2f8fd93ed1b602b5ffb14944a824685

  • SSDEEP

    393216:WuLrpBgQTSBfFZNRwSo6oDfDg4c6AHZgOGF3hi:r5BgQeBfFXR66ob03pZr63

  Score

  10^/10

  wannacrypersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2