Overview

overview

10

Static

static

3

SecuriteIn...75.exe

windows7-x64

10

SecuriteIn...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Siggen18.23618.24708.4475.exe

  • Size

    316KB

  • Sample

    240709-wx9vbazbpg

  • MD5

    b9b3965d1b218c63cd317ac33edcb942

  • SHA1

    02408bb6dc1f3605a7d3f9bad687a858ec147896

  • SHA256

    5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9

  • SHA512

    18096b1167561c6da5bfcc05e40f7661e21f43521eb47da9520d2744c8a1806d7187894ce0ae8e0a9e97904b345daae09897d80e8754a63c9aa1d6514feaf98e

  • SSDEEP

    6144:xHQFwJYDzVc1aWLn0IU4eFTE3Ijr2Cq6j7+qmOq:Z6wWcYWL0IUzNGqJq

Score
10/10
wannacrydefense_evasionexecutionimpactpersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $200 worth of bitcoin to this bitcoin address: 1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) https://www.dropbox.com/s/c1gn29iy8erh1ks/m.rar?dl=1 rar password: wcry123 Run and follow the instructions! �
Wallets

1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY

Targets

    • Target

      SecuriteInfo.com.Trojan.Siggen18.23618.24708.4475.exe

    • Size

      316KB

    • MD5

      b9b3965d1b218c63cd317ac33edcb942

    • SHA1

      02408bb6dc1f3605a7d3f9bad687a858ec147896

    • SHA256

      5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9

    • SHA512

      18096b1167561c6da5bfcc05e40f7661e21f43521eb47da9520d2744c8a1806d7187894ce0ae8e0a9e97904b345daae09897d80e8754a63c9aa1d6514feaf98e

    • SSDEEP

      6144:xHQFwJYDzVc1aWLn0IU4eFTE3Ijr2Cq6j7+qmOq:Z6wWcYWL0IUzNGqJq

    Score
    10/10
    wannacrydefense_evasionexecutionimpactpersistenceransomwarespywarestealerworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks