General
-
Target
cats.html
-
Size
69KB
-
Sample
241226-x6ewzawlat
-
MD5
1e21e9df71b1c21dc5e7ed3b10fc07d0
-
SHA1
ae47fabba9477d47f92fada57302a9522a7b941e
-
SHA256
ec00aa96f0d2565116ac690bb5a40a8d10a86e243ff0818c9b02db8d47fb4068
-
SHA512
a74a7cdaafe7b93aa0a43ae3fc4d6595401aaa86ed7301d74b8cf824f0f595923bd3cb72b03c8724172eb03865819139211c00555d7a37e9917de97582e4dcd7
-
SSDEEP
1536:c8XWnRN/jkx8XWnEue6ZLgse6ZLgEk9YfV6Fr+jzDBR67d7f/5kK4/:i/jk66ZLE6ZL7s+jzDq7h/5kr
Malware Config
Targets
-
-
Target
cats.html
-
Size
69KB
-
MD5
1e21e9df71b1c21dc5e7ed3b10fc07d0
-
SHA1
ae47fabba9477d47f92fada57302a9522a7b941e
-
SHA256
ec00aa96f0d2565116ac690bb5a40a8d10a86e243ff0818c9b02db8d47fb4068
-
SHA512
a74a7cdaafe7b93aa0a43ae3fc4d6595401aaa86ed7301d74b8cf824f0f595923bd3cb72b03c8724172eb03865819139211c00555d7a37e9917de97582e4dcd7
-
SSDEEP
1536:c8XWnRN/jkx8XWnEue6ZLgse6ZLgEk9YfV6Fr+jzDBR67d7f/5kK4/:i/jk66ZLE6ZL7s+jzDq7h/5kr
Score10/10-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Indicator Removal
1File Deletion
1Modify Registry
3Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1