General
-
Target
Ransomware.WannaCry.zip
-
Size
317KB
-
Sample
241205-evdknatrdl
-
MD5
df1ff8c74159aeb4ef57346b50ceef0d
-
SHA1
033501ccbd89ecff8f796b8b34e9666deabc3189
-
SHA256
62cc18705a6a603b4ba3d5b108b8f2c286384a624e2285e3b8b7f1de7a64d8f0
-
SHA512
a0bdd5a872d1bae0aa875b9aa88bd7b186425ff2fe00cbcf1c04d01a14e898232ac194398516841cc59cc40168748075bfe6cb7bedbbd45eaf54b99c10fb7425
-
SSDEEP
6144:1LSss1pOL/saqkPV9FemB9YWDSsmwu9AvZJT3CqbMrhryf65NRPaCieMjAkvCJv+:1mss1pOL/saqkPV9FemB9YWDSsmwu9AN
Static task
static1
Behavioral task
behavioral1
Sample
Ransomware.WannaCry.zip
Resource
win7-20241010-en
Malware Config
Extracted
C:\Users\Admin\Documents\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
Ransomware.WannaCry.zip
-
Wannacry family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Direct Volume Access: 1
File and Directory Permissions Modification: 2
Windows File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Indicator Removal: 2
File Deletion: 2
Modify Registry: 1