General

  • Target

    2024-12-22_0ad3f8c6117cd80fa5ef39b4ef592761_wannacry

  • Size

    5.0MB

  • Sample

    241222-px2elsylas

  • MD5

    0ad3f8c6117cd80fa5ef39b4ef592761

  • SHA1

    02597da6f643a63848847c849e328eb700c078d9

  • SHA256

    db2d337e85671fc524ce66dadccac305859181e1f62b46bbc95d80c78aa95c27

  • SHA512

    b922a349de0f43f204c03e6f397bd09cb493856b4c383fabeba3fea5c50b28d3c54f17c3ac4e235acf4b283d3b5d359b7fc6cacdfffd18137ceab3e476a90cb3

  • SSDEEP

    98304:K8qPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2HJD527BWG:K8qPe1Cxcxk3ZAEUadzR8yc4HJVQBWG

Targets

    • Target

      2024-12-22_0ad3f8c6117cd80fa5ef39b4ef592761_wannacry

    • Size

      5.0MB

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3227) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
