General

  • Target

    8e5bf41f436878764cc05bdb5ab1c7ac29e872fd4d78f76b7300f3dc2687e7e1N

  • Size

    5.0MB

  • Sample

    241028-rrfbasyrav

  • MD5

    a44d500e0c08668eb728971bce455d40

  • SHA1

    3fdfe77edade5f801e21653de8d8ae8f8e5d5e11

  • SHA256

    8e5bf41f436878764cc05bdb5ab1c7ac29e872fd4d78f76b7300f3dc2687e7e1

  • SHA512

    f7aab4355b7eb85c77107779bc65a095729df47de684c25acabe030e2a5c4dc07d297f484954a13bf71a430432eeba180f1b882240c212e184bf1dfd376f36e5

  • SSDEEP

    98304:TDqPoBhzbaRxcSUDk36SAEdhvxWa9P593R8yAVp2H:TDqPebCxcxk3ZAEUadzR8yc4H

Targets

    • Target

      8e5bf41f436878764cc05bdb5ab1c7ac29e872fd4d78f76b7300f3dc2687e7e1N

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3083) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
