General

  • Target

    MalwareDatabase

  • Size

    286KB

  • Sample

    240327-vn7g6agf78

  • MD5

    dae165a308c08de6deb48e1e131b7a90

  • SHA1

    821ba303f93de1b1adb034111029a5a6cc4dde4a

  • SHA256

    15dc4de20b020bfb7391d7a8b5aa04dc062feacf007f3f57e800989590074879

  • SHA512

    acc8a381f9be96c93daa0f86524a8df5adfe6a32c13bd6345aed4d3ad3093529a5a60da7c32323414f79a8ea173127b501cfe2e1ed04ed70db8508fe98437c4f

  • SSDEEP

    6144:gDuqJTf/rVSgE29xxspm0n1vuz3X97vZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vit:kf/rVSgE29xxspm0n1vuz3X97vZJT3Cc

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@WanaDecryptor@.exe

Family

wannacry

Ransom Note

Q: What's wrong with my files?
A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting!

Q: What do I do?
A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@WanaDecryptor@.exe". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.)

Q: How can I trust?
A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users.

* If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

    • Target

      MalwareDatabase

    • Size

      286KB

    • MD5

      dae165a308c08de6deb48e1e131b7a90

    • SHA1

      821ba303f93de1b1adb034111029a5a6cc4dde4a

    • SHA256

      15dc4de20b020bfb7391d7a8b5aa04dc062feacf007f3f57e800989590074879

    • SHA512

      acc8a381f9be96c93daa0f86524a8df5adfe6a32c13bd6345aed4d3ad3093529a5a60da7c32323414f79a8ea173127b501cfe2e1ed04ed70db8508fe98437c4f

    • SSDEEP

      6144:gDuqJTf/rVSgE29xxspm0n1vuz3X97vZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vit:kf/rVSgE29xxspm0n1vuz3X97vZJT3Cc

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies and other local backups to inhibit system recovery (ATT&CK T1490), so that encrypted files cannot be restored from snapshots without paying.

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2
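
The "Deletes shadow copies" and "Modifies file permissions" signatures above are behavioural: they fire on command lines the sample spawns, not on file hashes. The following is an added example (not part of the sandbox report, and not the sandbox's own signature logic) of the kind of process-creation detection a SOC would run over endpoint telemetry for these behaviours. The log line format (`pid=... image=... parent=... cmd="..."`) and the events themselves are constructed for the example; the command lines on pids 2900, 2944 and 2960 are the recovery-inhibition and permission-change commands that public analyses attribute to WannaCry's tasksche.exe, and are not quoted from this report. The ATT&CK technique ids are the standard ones for these behaviours. pid 3100 is a benign look-alike (listing rather than deleting shadows) that must not trigger.

```python
import re

# Constructed sample of process-creation events (hypothetical flat
# "field=value" lines, not taken from the sandbox report). The tasksche.exe
# child command lines follow public analyses of WannaCry.
SAMPLE_EVENTS = [
    'pid=1204 image=C:\\Windows\\System32\\svchost.exe parent=services.exe '
    'cmd="svchost.exe -k netsvcs"',
    'pid=2812 image=C:\\Windows\\tasksche.exe parent=mssecsvc.exe '
    'cmd="C:\\Windows\\tasksche.exe /i"',
    'pid=2900 image=C:\\Windows\\System32\\cmd.exe parent=tasksche.exe '
    'cmd="cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete '
    '& bcdedit /set {default} bootstatuspolicy ignoreallfailures '
    '& bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet"',
    'pid=2944 image=C:\\Windows\\System32\\icacls.exe parent=tasksche.exe '
    'cmd="icacls . /grant Everyone:F /T /C /Q"',
    'pid=2960 image=C:\\Windows\\System32\\attrib.exe parent=tasksche.exe '
    'cmd="attrib +h ."',
    # Benign: an admin listing shadow copies must not match the delete rule.
    'pid=3100 image=C:\\Windows\\System32\\vssadmin.exe parent=explorer.exe '
    'cmd="vssadmin list shadows"',
]

# (rule name, regex applied to the command line, ATT&CK technique id)
RULES = [
    ("vssadmin delete shadows",
     r"vssadmin(?:\.exe)?\s+delete\s+shadows", "T1490"),
    ("wmic shadowcopy delete",
     r"wmic(?:\.exe)?\s+shadowcopy\s+delete", "T1490"),
    ("bcdedit disables recovery",
     r"bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+"
     r"(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", "T1490"),
    ("wbadmin delete catalog",
     r"wbadmin(?:\.exe)?\s+delete\s+catalog", "T1490"),
    ("icacls grants Everyone full control",
     r"icacls(?:\.exe)?\s+.*?/grant\s+everyone:f\b", "T1222.001"),
    ("attrib sets hidden attribute",
     r"attrib(?:\.exe)?\s+\+h\b", "T1564.001"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE), tid) for name, pat, tid in RULES]

PID_RE = re.compile(r"\bpid=(\d+)")
CMD_RE = re.compile(r'cmd="([^"]*)"')


def parse_event(line):
    """Return (pid, command line) or None if the line lacks either field."""
    pid = PID_RE.search(line)
    cmd = CMD_RE.search(line)
    if not pid or not cmd:
        return None
    return int(pid.group(1)), cmd.group(1)


def scan(lines):
    """Run every rule over every event; one hit per (event, rule) pair that matches.

    A single cmd.exe chain can therefore produce several T1490 hits, which is
    what an analyst wants to see: the whole recovery-inhibition sequence.
    """
    hits = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        pid, cmd = parsed
        for name, rx, tid in COMPILED:
            if rx.search(cmd):
                hits.append((pid, name, tid))
    return hits


def techniques_by_pid(hits):
    """Collapse hits to a sorted list of distinct ATT&CK technique ids per pid."""
    out = {}
    for pid, _name, tid in hits:
        out.setdefault(pid, set()).add(tid)
    return {pid: sorted(tids) for pid, tids in out.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for pid, name, tid in found:
        print(f"pid {pid}: {name} [{tid}]")
    print(techniques_by_pid(found))
```

Matching on the command line rather than on the image name is deliberate: the whole `vssadmin ... & wmic ... & bcdedit ... & wbadmin ...` sequence arrives as one `cmd.exe /c` event, and a rule keyed on `vssadmin.exe` as the image would miss it entirely while still flagging the harmless `vssadmin list shadows`.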

MITRE ATT&CK Enterprise v15

Tasks