General
-
Target
2024-12-17_557c1c30ca9e5495583181eb81d57c7d_wannacry
-
Size
4.1MB
-
Sample
241217-sf7rvatjaj
-
MD5
557c1c30ca9e5495583181eb81d57c7d
-
SHA1
85baedea5e68da4e1b456dfdbdafbef7ea0f47a4
-
SHA256
e63f3fe8cd43ef2bff362253b4b0273f2b46b8364fa00fc25e31aaec980eed4c
-
SHA512
1370890690f54e77ca830121974d76126873f0179b1cec20b475abc87aa94b4ded21d63727e105ef610d7726c9191a2840b282b5b1c960b56b24f2f44b08e251
-
SSDEEP
98304:qDqPoBK6SAEdhvxWa9P593R8yAVp2HAa9CUEbet:qDqPJZAEUadzR8yc4HAakUae
Malware Config
Targets
-
-
Target
2024-12-17_557c1c30ca9e5495583181eb81d57c7d_wannacry
-
Size
4.1MB
-
MD5
557c1c30ca9e5495583181eb81d57c7d
-
SHA1
85baedea5e68da4e1b456dfdbdafbef7ea0f47a4
-
SHA256
e63f3fe8cd43ef2bff362253b4b0273f2b46b8364fa00fc25e31aaec980eed4c
-
SHA512
1370890690f54e77ca830121974d76126873f0179b1cec20b475abc87aa94b4ded21d63727e105ef610d7726c9191a2840b282b5b1c960b56b24f2f44b08e251
-
SSDEEP
98304:qDqPoBK6SAEdhvxWa9P593R8yAVp2HAa9CUEbet:qDqPJZAEUadzR8yc4HAakUae
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Contacts a large (3216) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1