wannacry

General

Target

Awesome-Hacking-master.zip
Size

37KB
Sample

240718-nfk6mawclk
MD5

0c660c55755cb9a992fa82002cf30e02
SHA1

d3f3abb5ab816fac570489bf48a4d47348f80f7e
SHA256

d54ee360c6838a535da9d19e9ea2a3fe1dce91e2720c7d46a4add02ad473a0e9
SHA512

9cee718818ef87caa42c9ff56c8c9635c5418f104fc62a6e6424e9bfadb65f12ed9514dac9cd343dd94839eeedaab0de76fa4a79c7dc692dc8f5c3c190c0f7ac
SSDEEP

768:0KhEgcylRu+Doav02cJsjd5G32pdJ1dp3uNu6sn:11VlmaL/5Au6sn

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCry-main.zip\WannaCry-main\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Targets

- Target
  
  Awesome-Hacking-master.zip
- Size
  
  37KB
- MD5
  
  0c660c55755cb9a992fa82002cf30e02
- SHA1
  
  d3f3abb5ab816fac570489bf48a4d47348f80f7e
- SHA256
  
  d54ee360c6838a535da9d19e9ea2a3fe1dce91e2720c7d46a4add02ad473a0e9
- SHA512
  
  9cee718818ef87caa42c9ff56c8c9635c5418f104fc62a6e6424e9bfadb65f12ed9514dac9cd343dd94839eeedaab0de76fa4a79c7dc692dc8f5c3c190c0f7ac
- SSDEEP
  
  768:0KhEgcylRu+Doav02cJsjd5G32pdJ1dp3uNu6sn:11VlmaL/5Au6sn
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1
- Target
  
  Awesome-Hacking-master/LICENSE
- Size
  
  6KB
- MD5
  
  7bae63a234e80ee7c6427dce9fdba6cc
- SHA1
  
  34b2b37ec594d86bd391137b4fb644eccb17bdbb
- SHA256
  
  36ffd9dc085d529a7e60e1276d73ae5a030b020313e6c5408593a6ae2af39673
- SHA512
  
  3e20c74803825a27f7d4208f711d5b5f48bbdcd9487b59e0922fcbfd3b17f3f37440ae3bc024e3183401e4918765e59de8a5896f5a8be8236e4b769c65443cbb
- SSDEEP
  
  96:zaxrg1IGhYySEPApOGI4ww4S4yKmKKmiH9jk22KNEa6LWiWh7qHTLyLh9EK/IcnP:SrKIp4nw+ymHidjV20EaPdmzL9pqn
Score

1^/10
behavioral2
- Target
  
  Awesome-Hacking-master/README.md
- Size
  
  12KB
- MD5
  
  18acf9024c48c2eeba3c397281500e61
- SHA1
  
  518ee7e4c9c384ecb7817b9f41521e2d88bc82de
- SHA256
  
  a7199cf0efd33aad9e50a8155decbe310462ec517712dc8d22174081176aa8ac
- SHA512
  
  f01e747010e1044a0e78df038d6809c853248e205fb55dd0c7f66efa3b519650ccf4b8dae35cc961d96675c14440b7499a4b42d971293cb5005b3cac717e26a7
- SSDEEP
  
  192:U5xvJq5J8MDm7V7vPAKJk45sHKuQxJphncg2CGd7GmtkcW6X:4Rq5JZm6bqcg2CGk+kWX
Score

3^/10
behavioral3
- Target
  
  Awesome-Hacking-master/awesome_hacking.jpg
- Size
  
  32KB
- MD5
  
  c657bc2cec86b577ee91f4d88a7dbb7a
- SHA1
  
  3d10164d0ccc7e08fa5075fab99e9aac9751ea10
- SHA256
  
  1b0f0f9d206dc77e94888f5b607e37f0ba4a9474943f6ecbccbd3e22e4fbadf5
- SHA512
  
  f53e26d72a60fcf350f5d0a8baae773364a13aaa211610f99580ed15add421390c3f817f25b3531b446044743300bd0a2070bbc7d9c289414e7f0e94411521e3
- SSDEEP
  
  768:YEVEjKkP7r3NB/2skhwlcZN9vrI5Dj9+ZA6Fjg:YE6jKGHL2nwSpv85MZAw0
Score

3^/10
behavioral4
- Target
  
  Awesome-Hacking-master/contributing.md
- Size
  
  1KB
- MD5
  
  20575e1b18a52276d6d3bbf06368d710
- SHA1
  
  053d20508d5fadccccc605f867f50c78b6ab9800
- SHA256
  
  90fb14c19e433725152c731d642cc96a44f05143f522374784aaa8ba0f174597
- SHA512
  
  a4a294188a4fbb554151e4863492c26f48b155fc584639319ac9536ddd13737b16bcb03bf7764e8dc2c4c71a23f8e08a8d9a630e5f5ad64fe8ef2537666d393a
Score

3^/10
behavioral5