wannacry

General

Target

that_is_lgrachov.jpeg
Size

27KB
Sample

240823-x1hexatfrj
MD5

f085fe12d8ebb8b7783f6d734e9bac29
SHA1

35cc62e74855c6e3235715fbda3fac4951d421a6
SHA256

1846a6270fbbb0fc3fd55788699ac1acc3cb6b339bd8ad004ddbf32dd41e6fd2
SHA512

b8a138236eeb09fca969f88d7034d8c1ac0b93b58b71ce25a19c6b8174cd0e46ff6bbca8e6603cd6bf3228bd100d2d2fa8f3ab13696687fb6e200de739af73ec
SSDEEP

768:iIPPEs/U7nXOU5tZJIyW1crMvPxHvedPvHG3:iURqXOoKgYvpenHG3

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

- Target
  
  that_is_lgrachov.jpeg
- Size
  
  27KB
- MD5
  
  f085fe12d8ebb8b7783f6d734e9bac29
- SHA1
  
  35cc62e74855c6e3235715fbda3fac4951d421a6
- SHA256
  
  1846a6270fbbb0fc3fd55788699ac1acc3cb6b339bd8ad004ddbf32dd41e6fd2
- SHA512
  
  b8a138236eeb09fca969f88d7034d8c1ac0b93b58b71ce25a19c6b8174cd0e46ff6bbca8e6603cd6bf3228bd100d2d2fa8f3ab13696687fb6e200de739af73ec
- SSDEEP
  
  768:iIPPEs/U7nXOU5tZJIyW1crMvPxHvedPvHG3:iURqXOoKgYvpenHG3
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2 behavioral3