General

  • Target

    49c48b4a4100d4fb16f38018449ac720_JaffaCakes118

  • Size

    5.0MB

  • Sample

    240516-g3d79sfh99

  • MD5

    49c48b4a4100d4fb16f38018449ac720

  • SHA1

    55d73104e03093b1f795c841f6d88364e95af29e

  • SHA256

    0115a1fa4d3a67de1d5899627344cd0672bf4702305f6a8ca7bba9f496809857

  • SHA512

    e93c745717fed6c65fefb9837336251dc0fccd8825ee2eee72ff188dd695818e497cc93299908d7df5b9ac7c6e0769220637aa5aff0ea1b66633f9a88806cf82

  • SSDEEP

    98304:+DqPoxz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2H:+DqPc1Cxcxk3ZAEUadzR8yc4H

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3189) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
