General

  • Target

    code.ps1

  • Size

    6B

  • Sample

    240316-et59aade38

  • MD5

    5d7608e47d1befbebcbb6318de97862c

  • SHA1

    fcb8d8c65c666c7c2dc5e9bfa5a1f4d6f35763b8

  • SHA256

    e1e05c7ab4f07972dfc7eeb956881121e8e881d12e139e26565e3c4ef7aca833

  • SHA512

    6170813a6731c1780f1855659bc179d9ef48e38eb0f6440e28c4b11327549c9cb38c942db95cfd4a5b58a40195af777103fcb76768c68fff21da3fa42dcd22cf

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

    • Target

      code.ps1

    • Size

      6B

    • MD5

      5d7608e47d1befbebcbb6318de97862c

    • SHA1

      fcb8d8c65c666c7c2dc5e9bfa5a1f4d6f35763b8

    • SHA256

      e1e05c7ab4f07972dfc7eeb956881121e8e881d12e139e26565e3c4ef7aca833

    • SHA512

      6170813a6731c1780f1855659bc179d9ef48e38eb0f6440e28c4b11327549c9cb38c942db95cfd4a5b58a40195af777103fcb76768c68fff21da3fa42dcd22cf

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks