General
-
Target
WannaCrypt0r.zip
-
Size
3.3MB
-
Sample
240504-vjrwxaeh38
-
MD5
e58fdd8b0ce47bcb8ffd89f4499d186d
-
SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03
-
SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
-
SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
-
SSDEEP
49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Static task
static1
Behavioral task
behavioral1
Sample
WannaCrypt0r.zip
Resource
win11-20240419-en
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___WRDXZ7_.txt
cerber
http://xpcx6erilkjced3j.onion/C3FA-C3C5-6FBF-0098-B5B0
http://xpcx6erilkjced3j.1n5mod.top/C3FA-C3C5-6FBF-0098-B5B0
http://xpcx6erilkjced3j.19kdeh.top/C3FA-C3C5-6FBF-0098-B5B0
http://xpcx6erilkjced3j.1mpsnr.top/C3FA-C3C5-6FBF-0098-B5B0
http://xpcx6erilkjced3j.18ey8e.top/C3FA-C3C5-6FBF-0098-B5B0
http://xpcx6erilkjced3j.17gcun.top/C3FA-C3C5-6FBF-0098-B5B0
Targets
-
-
Target
WannaCrypt0r.zip
-
Size
3.3MB
-
MD5
e58fdd8b0ce47bcb8ffd89f4499d186d
-
SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03
-
SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
-
SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
-
SSDEEP
49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Score10/10-
Contacts a large (1106) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Modifies Windows Firewall
-
Drops startup file
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-