Extracted

• • Target

    sample

  • Size

    501KB

  • MD5

    d518765a80699b4497e0e7861fcba48e

  • SHA1

    43493b3108dbad6e0444294a2a654226dd456d01

  • SHA256

    3f2dd083f499b9d437af6db0a8d96a9b8a9e906e3905f583b6b24c0f8b06ec90

  • SHA512

    1fa6660df85d0be0e5d4336c8059e9b49cf671d7dd40b8520ba3a7161deccfe39b327a8aec0b63a5e2c55bb3d64a5c3c7fcbdee76fa4e4f910b0600a597e6ad0

  • SSDEEP

    6144:zA4lyylyElynlyulyVlyhlyjlyulyClyUP4a:zJlrlDl8lDl6lilOlzl9l5Px

  Score

  10^/10

  cryptolockerwannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1