Overview

overview

10

Static

static

1

Ransomware-Samples

windows7-x64

1

Ransomware-Samples

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ransomware-Samples

  • Size

    302KB

  • Sample

    240629-bdqbcazfkp

  • MD5

    a54a507481a648f0340b3b265bd5d276

  • SHA1

    5563529dd1fc334034f49b42416e921ef54fbe1a

  • SHA256

    9be562c3f2a211575f7871250c15fe9e7c9bd5789845c709f54eed4f3fec6925

  • SHA512

    348fde450e45dcae8fb6c6785ca9c5f11ffa1fdde7d04a4aee9e6f993e6bb2fc24c987f66f28cd700a96d5051863d57042a7b42413ea27363f19fdf9312f91cd

  • SSDEEP

    6144:njMoQh2n9dH5M2vkm0y3Cl3pId9Rn9VvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VB:jMoQh2n9dH5M2vkm0y3Cl3pId9Rn9VvS

Score
10/10
wannacrydefense_evasiondiscoverypersistenceransomwareworm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

    • Target

      Ransomware-Samples

    • Size

      302KB

    • MD5

      a54a507481a648f0340b3b265bd5d276

    • SHA1

      5563529dd1fc334034f49b42416e921ef54fbe1a

    • SHA256

      9be562c3f2a211575f7871250c15fe9e7c9bd5789845c709f54eed4f3fec6925

    • SHA512

      348fde450e45dcae8fb6c6785ca9c5f11ffa1fdde7d04a4aee9e6f993e6bb2fc24c987f66f28cd700a96d5051863d57042a7b42413ea27363f19fdf9312f91cd

    • SSDEEP

      6144:njMoQh2n9dH5M2vkm0y3Cl3pId9Rn9VvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VB:jMoQh2n9dH5M2vkm0y3Cl3pId9Rn9VvS

    Score
    10/10
    wannacrydefense_evasiondiscoverypersistenceransomwareworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Drops startup file

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Adds Run key to start application

      persistence

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks