wannacry

General

Target

498f71e2b35fa0e8f1b7675da2e9d94c0528ff5a3edfb65d54338510a95f797c
Size

3.4MB
Sample

240826-1lebgsxana
MD5

9e8e36905352f9702d94c1f9a2b6f1bb
SHA1

57ab6ad8fb7878ac3d405cc959140b9d72e5722c
SHA256

498f71e2b35fa0e8f1b7675da2e9d94c0528ff5a3edfb65d54338510a95f797c
SHA512

fde334533b71802e5cbd43fb2079e8d8cb577861184bb90c975d9df64c5c162e3b729f5f555cb1dbccad55fed1129b02c275a4b3706d40ddb5d7e6a1f3571a97
SSDEEP

98304:QePoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QePe1Cxcxk3ZAEUadzR8yc4gB

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 14HthR295amhvjdH8qS229FNv2LHyKFJYv Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

14HthR295amhvjdH8qS229FNv2LHyKFJYv

Targets

- Target
  
  498f71e2b35fa0e8f1b7675da2e9d94c0528ff5a3edfb65d54338510a95f797c
- Size
  
  3.4MB
- MD5
  
  9e8e36905352f9702d94c1f9a2b6f1bb
- SHA1
  
  57ab6ad8fb7878ac3d405cc959140b9d72e5722c
- SHA256
  
  498f71e2b35fa0e8f1b7675da2e9d94c0528ff5a3edfb65d54338510a95f797c
- SHA512
  
  fde334533b71802e5cbd43fb2079e8d8cb577861184bb90c975d9df64c5c162e3b729f5f555cb1dbccad55fed1129b02c275a4b3706d40ddb5d7e6a1f3571a97
- SSDEEP
  
  98304:QePoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QePe1Cxcxk3ZAEUadzR8yc4gB
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2