Overview

overview

10

Static

static

3

Mosskin.exe

windows7-x64

10

Mosskin.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9686a42b1445a421a4295051e4d93ae6_JaffaCakes118

  • Size

    3.3MB

  • Sample

    240604-2xlqdafb28

  • MD5

    9686a42b1445a421a4295051e4d93ae6

  • SHA1

    fdca8b10efccce1709eb67d4c03b2ce321e66a55

  • SHA256

    17b0691fd13c88f244f33b5a24722f14c5f1b91dc3b82703135b0657a6d0555b

  • SHA512

    dd1415b7dd6268f9eaa5f0d689f9b03b2d6421a15336cd83c72aa11fe02f0c6cf5bcba01a9e16e955e18d75d9b30b50be551d062a5e9c9ccf7afb2fd67eb85b6

  • SSDEEP

    98304:HR11bx/cT72SUVan6SYs1H/JWCdjh7Xpcwi/ZkE36:HR1z/872nanZYsGCRppcwSaEK

Score
10/10
wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

MITRE ATT&CK Enterprise v15

Tasks