wannacry

Resubmissions

02-10-2024 22:41

241002-2l6leavdlb 9

27-09-2024 21:32

240927-1d47ya1aqr 10

Sharing

Copy URL

Twitter E-mail

General

Target

Bitdancer.zip
Size

17.3MB
Sample

240927-1d47ya1aqr
MD5

c24175bfbe6fee48d701ffc2da8c3559
SHA1

1bd15d8eda30a6e5c7446d3716f179cf0c397ecc
SHA256

1005d1262f355c963be3c8c056af74842b3c495d688ca3a6d4a31132f94d34cf
SHA512

c94cf2729591f9854376f15598fd02b2bfd820e556356f5554bf98e73db9843db54e4b654bffe56cb3ef519f184a4123dff6c6f0cfa7e83891bb7ad1620b2fbe
SSDEEP

393216:1stg0BGL8wdRZRRniYhGpiDBM3Pi+Dy+SSccDI0v7oMBC:1sQL88b/qK2SC80v7oMBC

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Documents\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Targets

- Target
  
  MintInjector.exe
- Size
  
  17.4MB
- MD5
  
  22dcf4ed5ce31a50c15bd16113fd6c7e
- SHA1
  
  31dfeb4789fec61bad5209717ae1735f728fb7b2
- SHA256
  
  b28095f6724149b7e9db71ce78d101e7ee2dd3c8f066a9973ef20929ae6a25c0
- SHA512
  
  f79424942f26f05d49ef742445ef5e7cf9612c1f18de7365d118d4d5c311ac55924b129889ad78d5d3d66891fb985667b6b9439f3a7eb59fcd69010d47944f20
- SSDEEP
  
  393216:BO05grJxw1ubDqIIZRjgV3Qam6w06q1u3Oiqg5ltotcex6j:BOpx7qIGjUQ066Pg5lXexq
Score

10^/10

wannacry defense_evasion discovery evasion execution impact persistence ransomware trojan worm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Wannacry
  WannaCry is a ransomware cryptoworm.
  ransomware worm wannacry
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  mintAPI.dll
- Size
  
  4KB
- MD5
  
  93b3532685280e8478b00946fb56d8ae
- SHA1
  
  0e05917c94cb9d8669ed3033954001bdb4bae2d7
- SHA256
  
  25dda94eef0d338cf7d8aad6ca8c476232977ffcce420b040c8dabd6ebb6372b
- SHA512
  
  d42f09c154fb1be12551ea60ad2711072b6318b02558623168b94a7fca619a4466104aed86f112b9596c6d2bac169f355d220a1182e14323f7b869286cf3244d
- SSDEEP
  
  96:A+4uay5129FeIUJuSZijOAVHow2pyxsYs:D4PA45DVHR
Score

1^/10
behavioral3 behavioral4
- Target
  
  mintUI.dll
- Size
  
  7KB
- MD5
  
  221f07f871d6fed6471344be3f9129c6
- SHA1
  
  bba15b1e71180ea0b7418021f4b342cd6296e63d
- SHA256
  
  2cbd1148b9caefcf5eac25bdb7695e6e42aaf0de108dc9fe600fc09d4b67c536
- SHA512
  
  d4d94808b1e2e2d1d07295bb99d98cc536d4d58b65a6dada59d09ad63c983ea0381171cc99b797926553f9a27515eb28eba863b2da473f52fc115dc72b3875a5
- SSDEEP
  
  96:S7TqqncTO1V5C1UfzM9O4wsxM+9zjcms1mD74O8sLSXRn2t5zNt:S7mqncy1V5CcYXwsf5jcmsUDMOJSMB
Score

1^/10
behavioral5 behavioral6
- Target
  
  mintUI.exe
- Size
  
  135KB
- MD5
  
  cb0e4661360da0f42150d0764bece8ca
- SHA1
  
  54cbbdba26e0d012c56d56e5d0ce2e2ac16e7aa4
- SHA256
  
  a91f5c498df6682fdc690b9322586617dfaf938ee811f7e53361a0e3206ba114
- SHA512
  
  97d1b141517bb2f0ee05a86ca1a19de34688e958b68922001d1d8293a85dc7b7474a4834ef647ccf85d8a427cb52cd67fd762c92da4eee7206616d7df8432e75
- SSDEEP
  
  3072:ajK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOQhBum:ajK4TDUqgpqWDLZ5H+xuZ047hA
Score

1^/10
behavioral7 behavioral8