Resubmissions

17-09-2024 13:50

240917-q5kmhawcre 3

17-09-2024 13:49

240917-q45laawfqp 3

17-09-2024 10:07

240917-l5wybaxcqa 10

17-09-2024 09:54

240917-lxghnaxamj 7

General

  • Target

    sample

  • Size

    77KB

  • Sample

    240917-l5wybaxcqa

  • MD5

    0ffcf2bd30576f20c6b487c1eadc2acf

  • SHA1

    55e98c61b2990bd80b0417f249197c6433e2455b

  • SHA256

    f5e16cb99726473a3690f34918082477cba89dcbd88e031a4554f14161a4ea33

  • SHA512

    eef64c737cf44fc488e0ff0391521f93c0b07f44b65c016d23fd03d0c2b6794448b477b34de412e18dd041857f31fe4b826f6681bc36fabcda0e62519675c9e9

  • SSDEEP

    1536:I6QJFLCCwNiePs+ehNFZuSuWtWWx/ZhoU1+HvScWXpc+NKjp3q/6aejGkaEKfK6a:HQJFLhwAbZuU1+HvScWXpc+NKjp3q/67

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.
Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Targets

    • Target

      sample

    • Size

      77KB

    • MD5

      0ffcf2bd30576f20c6b487c1eadc2acf

    • SHA1

      55e98c61b2990bd80b0417f249197c6433e2455b

    • SHA256

      f5e16cb99726473a3690f34918082477cba89dcbd88e031a4554f14161a4ea33

    • SHA512

      eef64c737cf44fc488e0ff0391521f93c0b07f44b65c016d23fd03d0c2b6794448b477b34de412e18dd041857f31fe4b826f6681bc36fabcda0e62519675c9e9

    • SSDEEP

      1536:I6QJFLCCwNiePs+ehNFZuSuWtWWx/ZhoU1+HvScWXpc+NKjp3q/6aejGkaEKfK6a:HQJFLhwAbZuU1+HvScWXpc+NKjp3q/67

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks