Extracted

• • Target

    LCRYPT0R/LCrypt0rX.vbs

  • Size

    12KB

  • MD5

    24cbd3ad1736fa6950e220bba381429b

  • SHA1

    44ceaa0b8622f64ad1e1d2283c4cfcc8629be152

  • SHA256

    719ed739717c7ac5a2bbac4187738df3ead0e38e31f4a656e976e9a5716a9af0

  • SHA512

    fc8fb1b1d06bf331c234af985f0fe2269d2f552dbd315507bb9796bb20eec948531c08e3f385ed9a1e6a8e86001fcbad2a8a8601fb1265621d634c975ce99ab8

  • SSDEEP

    384:HobplStxYHQHSH7l+ii3qF2ZNvLyyB8dstnH+7Me:aM22M

  Score

  9^/10

  defense_evasiondiscoveryevasionexecutionimpactpersistenceransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Blocklisted process makes network request

  • Disables RegEdit via registry modification

    evasion

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1

• • Target

    other malware cuz why not/[email protected]

  • Size

    3.4MB

  • MD5

    84c82835a5d21bbcf75a61706d8ab549

  • SHA1

    5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

  • SHA256

    ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

  • SHA512

    90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

  • SSDEEP

    98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral2