General

  • Target

    2024-12-22_8e995f2fae37aad7fd76e1a0ad183136_wannacry

  • Size

    5.0MB

  • Sample

    241222-qarsbszkfq

  • MD5

    8e995f2fae37aad7fd76e1a0ad183136

  • SHA1

    c46f47469dad3f5414b061104c45c2f646a88606

  • SHA256

    aa4e188dc622e1611a14572be6b9f78e8fd5a7c3318b0c97fd8084a7bb6f99e6

  • SHA512

    042993e54a28e12f6543a3f37fefa71e256fe1d5a8c24d526cd72ab192dbbffabc202fd4e5660feb5be69d833f1d21c79ede121208193c7ac664d3c7e833b8bb

  • SSDEEP

    98304:VDqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8qAVp2HfD2aKRN2sKgmmh:VDqPe1Cxcxk3ZAEUadzR8qc4Hb2a8GI

Targets

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3200) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory
