General

  • Target

    2b5d2b9380e6a7270ec2826dabfe3290c226c61b1b96d968ef915bde960ab8df

  • Size

    5.0MB

  • Sample

    240925-244jrsshkm

  • MD5

    663039c0ac81e4473b0c0133ac4be2b7

  • SHA1

    47dfea3a3de7baa22259bf83173f0d501ffec7c0

  • SHA256

    2b5d2b9380e6a7270ec2826dabfe3290c226c61b1b96d968ef915bde960ab8df

  • SHA512

    8c53acc99c66f4862f182b9b74a900ef3032c10d757f1294239004696e61d87e8fc6aefccbdf20d127fe0f47e5281db3374f23ec26cec48c2c5b9edfc2a2f54f

  • SSDEEP

    6144:vE9l9yUqIYVTH5DgSg8ajldktM0XXrs2xuZtk6Qo+yP2O1G:vnbLgPluxxuZtk6Qo+7O1

Targets

    • Modifies firewall policy service

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Contacts a large (3179) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
