wannacry

Resubmissions

28-08-2024 00:19

240828-amfylaxhja 1

28-08-2024 00:19

28-08-2024 00:04

28-08-2024 00:01

27-08-2024 23:49

27-08-2024 23:36

Sharing

Copy URL

Twitter E-mail

General

Target

jsm_sas.rbxm
Size

592KB
Sample

240827-3lzzasydrr
MD5

8868b47dca5975929f896e93d0c7d52c
SHA1

65783e973c97fd74d9d4ae131a77edb5e69ab909
SHA256

c88161c58bfec207c4a9da9598d24a6a4cdc83e81a123bf3c38c188f03bfad62
SHA512

e8388afb220b48d9a6fa8d32cc652258307ddfb39fdfcf5e9d5a631f23ff6ab005c3be371d1d2e015e1db8a4fa1b5cf306e52f4f77c075da58316aaa245223f3
SSDEEP

12288:WLaIb4s0L6cI58hGQDcrPyavp7R1R0Fb7ptJLZilvQbp:WLaV1e0cPyE7R1wb7o8

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r (1).zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

- Target
  
  jsm_sas.rbxm
- Size
  
  592KB
- MD5
  
  8868b47dca5975929f896e93d0c7d52c
- SHA1
  
  65783e973c97fd74d9d4ae131a77edb5e69ab909
- SHA256
  
  c88161c58bfec207c4a9da9598d24a6a4cdc83e81a123bf3c38c188f03bfad62
- SHA512
  
  e8388afb220b48d9a6fa8d32cc652258307ddfb39fdfcf5e9d5a631f23ff6ab005c3be371d1d2e015e1db8a4fa1b5cf306e52f4f77c075da58316aaa245223f3
- SSDEEP
  
  12288:WLaIb4s0L6cI58hGQDcrPyavp7R1R0Fb7ptJLZilvQbp:WLaV1e0cPyE7R1wb7o8
Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1