wannacry

General

Target

WannaCry_ransomware_attack
Size

429KB
Sample

240718-vvv3ps1gqa
MD5

c01af42ed6d1d1fb865f266124533dba
SHA1

90860f160ade023ffc6171f7cebaa399b7760995
SHA256

e46d669202569d23a377958fbbbd6efae4d90a2251033095669a5fea4d481688
SHA512

cbb679ce9957d0a3895fa0ea6377fba71da9de4581a188b393dbd3ae89efe2746182b12a5f2240a9abaa83ddf860e7cce111c0328933aa7811ccefb759ef3ee6
SSDEEP

3072:P7+1l16LFIaZUynffVCMAul/cb9nnjtJd17X63cPYWk31KYsA30Y8uyvt2a9DJkQ:CCbWqcv2plKx7BPavWXDfEIfP

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

- Target
  
  WannaCry_ransomware_attack
- Size
  
  429KB
- MD5
  
  c01af42ed6d1d1fb865f266124533dba
- SHA1
  
  90860f160ade023ffc6171f7cebaa399b7760995
- SHA256
  
  e46d669202569d23a377958fbbbd6efae4d90a2251033095669a5fea4d481688
- SHA512
  
  cbb679ce9957d0a3895fa0ea6377fba71da9de4581a188b393dbd3ae89efe2746182b12a5f2240a9abaa83ddf860e7cce111c0328933aa7811ccefb759ef3ee6
- SSDEEP
  
  3072:P7+1l16LFIaZUynffVCMAul/cb9nnjtJd17X63cPYWk31KYsA30Y8uyvt2a9DJkQ:CCbWqcv2plKx7BPavWXDfEIfP
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1