Extracted

• • Target

    mtksecbypass_v12.exe

  • Size

    19.7MB

  • MD5

    978ce2baacdc4a4d370d2cad1014641d

  • SHA1

    524b43651a20a3a5da3f6c6bc7a12f2caa17feef

  • SHA256

    6d0b760cfe0b66dfb3b535f9571183913389ad88719adaff630d9c04fd4f36fc

  • SHA512

    ec7bc18eedd235e473469864c61a48a6cf59402235235fa37f96ecfd2f48b21cba0812183b3b70d4c615f80451a30247f0ee0cdc0c12ea559d0b7ad224aff790

  • SSDEEP

    393216:vzmS2D1u1e3CL3rbg2cXXO5e3O/U4DW2rJJsv6tWKFdu9CJZdi:75I4Vbg2cu5D/U4DhrLZc

  Score

  10^/10

  wannacrydefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Wannacry family

    wannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Downloads MZ/PE file

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2