General
-
Target
2025-01-12_6c2fc86a1e1c332330a31dcedc49ba5c_wannacry
-
Size
4.1MB
-
Sample
250112-gd1d7sypb1
-
MD5
6c2fc86a1e1c332330a31dcedc49ba5c
-
SHA1
1767ed0895dfe108930b7ba9358e16888b63f77a
-
SHA256
43bca15528c558874940e4fcdfb4d19c796481525f59cade709ea62f81dbcb49
-
SHA512
c828b965413043387765bdffe222a32c82bf98f33bc23eb9eb5b836b443a6314ad0a9926b93030a87dd5a79553433b94ce4665ba68ae5bdb2bbf8c85fc6bb687
-
SSDEEP
49152:CnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAAZJE3jM2ce:uDqPoBhz1aRxcSUDk36SAGE3Xc
Static task
static1
Behavioral task
behavioral1
Sample
2025-01-12_6c2fc86a1e1c332330a31dcedc49ba5c_wannacry.exe
Resource
win7-20241010-en
Malware Config
Targets
-
Wannacry family
-
Contacts a large (3205) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Loads dropped DLL
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1