General

  • Target

    2024-12-24_1b49978f9a03ef4f36890b61bf838fed_wannacry

  • Size

    2.2MB

  • Sample

    241224-a39wlsxjfj

  • MD5

    1b49978f9a03ef4f36890b61bf838fed

  • SHA1

    5142c29081f89af8631771fd4f557585bfa18fc8

  • SHA256

    24e166f94f190c9dcbde6742a2561e92071b62be7f00ea67050bee380d7ce103

  • SHA512

    1d82eac6d18251c96dfef16a615e8ff004027795bc075819bb4de92aa678e2a70c5fd32fc649b01e70f13a0a71aa389f65473a438d4b1f8dfeea1c70c0073266

  • SSDEEP

    6144:eE9l9ynqIYVTH5DgSgNajldktM0XXrCIagQhMV9qbBLIwYSv3AiiVjAqZfAgbJ3q:eebLgmluCtgQhMbaIuAvVLJAmd3An

Malware Config

Targets

    • Target

      2024-12-24_1b49978f9a03ef4f36890b61bf838fed_wannacry

    • Size

      2.2MB

    • MD5

      1b49978f9a03ef4f36890b61bf838fed

    • SHA1

      5142c29081f89af8631771fd4f557585bfa18fc8

    • SHA256

      24e166f94f190c9dcbde6742a2561e92071b62be7f00ea67050bee380d7ce103

    • SHA512

      1d82eac6d18251c96dfef16a615e8ff004027795bc075819bb4de92aa678e2a70c5fd32fc649b01e70f13a0a71aa389f65473a438d4b1f8dfeea1c70c0073266

    • SSDEEP

      6144:eE9l9ynqIYVTH5DgSgNajldktM0XXrCIagQhMV9qbBLIwYSv3AiiVjAqZfAgbJ3q:eebLgmluCtgQhMbaIuAvVLJAmd3An

    • Wannacry

      WannaCry is a ransomware cryptoworm.

    • Wannacry family

    • Contacts a large (3241) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks