General
-
Target
stellar main.rar
-
Size
65.1MB
-
Sample
240906-1pfzgszdnf
-
MD5
4bd4c7c95ddecb4b1540ca0afcbdb845
-
SHA1
b7c0129f8103c36f24904f5c4498baa8f0046749
-
SHA256
805ab80d0ec69afd7d8de6103fe1271daab0501d8f8f99147f586d0c85036185
-
SHA512
a2661883dcad4821d7db1c7a9c026f8102042fd172d631ca52b4452fc00fda06d04d7745837940005bbb3839c16b8d85e156d9e14f0555d5b25708fac7265fa4
-
SSDEEP
1572864:21cR+1ZzhZzBXW1y4OdqKRXJHtZ/+u5yWVlD:ycRonE1li19wm9
Static task
static1
Behavioral task
behavioral1
Sample
stellar main/include/httplib/README.js
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
stellar main/include/httplib/split.py
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
stellar main/include/httplib/test/test.js
Resource
win11-20240802-en
Behavioral task
behavioral4
Sample
stellar main/include/httplib/test/www/dir/index.html
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
stellar main/include/httplib/test/www/dir/test.html
Resource
win11-20240802-en
Behavioral task
behavioral6
Sample
stellar main/include/httplib/test/www2/dir/index.html
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
stellar main/include/httplib/test/www2/dir/test.html
Resource
win11-20240802-en
Behavioral task
behavioral8
Sample
stellar main/include/httplib/test/www3/dir/index.html
Resource
win11-20240802-en
Behavioral task
behavioral9
Sample
stellar main/include/httplib/test/www3/dir/test.html
Resource
win11-20240802-en
Behavioral task
behavioral10
Sample
stellar main/output/build/stellar.exe
Resource
win11-20240802-en
Behavioral task
behavioral11
Sample
stellar main/roblox/Threads/threads.js
Resource
win11-20240802-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
stellar main/include/httplib/README.md
-
Size
22KB
-
MD5
d29f2e563571e191aa6491cc8ed4c1db
-
SHA1
24a3b118e37bbbd1a985f9484cc285fa0edf7110
-
SHA256
9de688f48c4be2dd3f7f0f67d33d718a2f154b988099baa0064dd51239d85a9a
-
SHA512
e5b19ec91e8981adbaae5b94fb30a89d9ba25c650aa9e4f57353be945d1d9be08f06a6fab8f22ec99296539f114e34b22cfd281eb543c933a27447922b20d04e
-
SSDEEP
384:5WzZNubQeNC0KOSzWBUZN7j5NjEbTaO6+5vLt2AO+fvX4Uw9tC:5WzZNubQ1mBUZN4q2vJ2WoUw9tC
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
-
-
Target
stellar main/include/httplib/split.py
-
Size
1KB
-
MD5
27ab5484b713bdbea38e827a719be90c
-
SHA1
912ca047320cfa917748ce0068dcf4bbadb73898
-
SHA256
b0809088aab7733e50606ad8250fe851ea12ec9381e896fc12969d0e1d3e124f
-
SHA512
0091e3a01c3d66f92916e8a7e788b6cb1d628d2fe263092f1cafd67bad2cf91302009c1f132e83d0686a06b819cb3fa9b335148073522eb4090c775432ea28a5
Score 3/10
-
-
Target
stellar main/include/httplib/test/test.cc
-
Size
208KB
-
MD5
039faa62b783813dfdad4f312f252a6b
-
SHA1
064e917e2dc5c52c4535b91e0ae639f886dfb6a1
-
SHA256
f9f0d804bd773e92813feef8828c816ad9a6d7dfc26101bc0a495f4f72c4cbf6
-
SHA512
1e2ff9fcf287877fe9fc0e5c9468b7469b10ec6a1bcb68a81f851d877a0bf75539e6064b464d68be924655f32c9e2fe754320fcb32f9a6a698ff4d8f2249fa80
-
SSDEEP
3072:O/3YpDpcoajq/sTyXONt8F4KbAiTzTI6Iq7RgZlO:O/3YxFXOjaTzTIDkgZo
Score 3/10
-
-
Target
stellar main/include/httplib/test/www/dir/index.html
-
Size
104B
-
MD5
aef30cf746db10a8fd09ab6bf6b701ce
-
SHA1
208361e1686e97df83bd2a47eddb6339e6c2d0f2
-
SHA256
c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
-
SHA512
6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score 3/10
-
-
Target
stellar main/include/httplib/test/www/dir/test.html
-
Size
9B
-
MD5
eac0a7ec83537763d3ba7671828d0989
-
SHA1
5017803b9ee9b00cc52db4a18a64b71cfc076fd7
-
SHA256
f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
-
SHA512
e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score 3/10
-
-
Target
stellar main/include/httplib/test/www2/dir/index.html
-
Size
104B
-
MD5
aef30cf746db10a8fd09ab6bf6b701ce
-
SHA1
208361e1686e97df83bd2a47eddb6339e6c2d0f2
-
SHA256
c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
-
SHA512
6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score 3/10
-
-
Target
stellar main/include/httplib/test/www2/dir/test.html
-
Size
9B
-
MD5
eac0a7ec83537763d3ba7671828d0989
-
SHA1
5017803b9ee9b00cc52db4a18a64b71cfc076fd7
-
SHA256
f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
-
SHA512
e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score 3/10
-
-
Target
stellar main/include/httplib/test/www3/dir/index.html
-
Size
104B
-
MD5
aef30cf746db10a8fd09ab6bf6b701ce
-
SHA1
208361e1686e97df83bd2a47eddb6339e6c2d0f2
-
SHA256
c1744dc371ffe1aa631aa917e0e43a7ec53fb6097975778b43dabfe0f2d05bde
-
SHA512
6dd3469e78d6000e20fc21c158984770fcb134ecb4c47bf0c24b5a54dda138bc8fb54ccec01d16f8eab7d653ab8bc45b7919c8258058e26948c96c2c28712f23
Score 3/10
-
-
Target
stellar main/include/httplib/test/www3/dir/test.html
-
Size
9B
-
MD5
eac0a7ec83537763d3ba7671828d0989
-
SHA1
5017803b9ee9b00cc52db4a18a64b71cfc076fd7
-
SHA256
f34a7fb61a9cc01eb48c32a902d2ef73398b12d8baccaa64ae41317c1d2304cb
-
SHA512
e6aada78bbad1b708aaa109e3d40a9ef8e2f23d27fe6c1ae371067d6792eeefb4a456d8002001eab540b86b103d73ce679a7f622aa90b44058f928a551cc5229
Score 3/10
-
-
Target
stellar main/output/build/stellar.exe
-
Size
1.0MB
-
MD5
81da9fac8fb5e8eed228582aef38b777
-
SHA1
cae224e064a5818c36e5cd3ff9d75b731c409ac9
-
SHA256
03b8768051e84b741939096a3061ca67223826c70ef35248bff691545033963c
-
SHA512
44369c669e72aa86f5ea328c4a9d4aa739a2661dc8cc78eaf2f68769a30acccca234490ee8e2c08396ace962f9870b5d27cd53d91f6a69715952983f904a07f9
-
SSDEEP
24576:cLb+/7TpM6OnRSowSxHB19znJcY/+sYwaH0L17RA8ZonhsQcmY3TpXR:n7TyhB/znJcoL1dChsQcmYD
Score 1/10
-
-
Target
stellar main/roblox/Threads/threads.cpp
-
Size
6KB
-
MD5
33cb265afebcd4812bcff18163f8156c
-
SHA1
17734d4ce0f2aca8385f05a41ec688ca9f533a6b
-
SHA256
ae0b8faf173963ce54b78f81cc1f23494880b85de19610ad2ec6804e80d75306
-
SHA512
a31887524f5a7b1eb5db4185a5ca486e7ab6b98fd12018a18da65488cebbc15785db503502f11abe4ed0115baa74a9b6d3e29278bb5d5ffa7f5e6f332ceb0988
-
SSDEEP
96:sMVKNRCUCxrtCHGOQCBCE5CMCn7C5jEFBlCC3:rVKvn2rtqQC/1s7kmll
Score 3/10
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    JavaScript (1)
  Windows Management Instrumentation (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  File and Directory Permissions Modification (2)
    Windows File and Directory Permissions Modification (1)
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (3)