MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdf6cfd517d45156665c0a3481a54a201f45a503aaecb87392eb2647fcec82e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

WannaCry

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	bdf6cfd517d45156665c0a3481a54a201f45a503aaecb87392eb2647fcec82e5
SHA3-384 hash:	04118a0804fa0de3b046670c21ab51e04b618bb61490683937b3e47f79a3b000ee3a38a13a8765098e8b84905f25fbb2
SHA1 hash:	a265bc0755588f7d458141dc91ea23a578aa6c43
MD5 hash:	98f13e6aad47d5efcc2801ab40b764af
humanhash:	muppet-florida-kilo-kansas
File name:	98f13e6aad47d5efcc2801ab40b764af
Download:	download sample
Signature	WannaCry Create hunting rule
File size:	5'267'459 bytes
First seen:	2022-07-20 05:28:27 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	2e5708ae5fed0403e8117c645fb23e5b (1'108 x WannaCry, 7 x Worm.Virut, 2 x Expiro)
ssdeep	49152:RnsQqMSPbcBV5INRx+TSqTdX1HkQo6SAARdhnv:1/qPoBfaRxcSUDk36SAEdhv
Threatray	360 similar samples on MalwareBazaar
TLSH	T17D362399327DC2FCD20518B440A78967F3B27CAE52FE5A0F9B8049690D53B55BBA0F43
TrID	38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 13.0% (.EXE) Win64 Executable (generic) (10523/12/4) 8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	openctibr
Tags:	dll OpenCTI.BR Sandboxed

Intelligence

File Origin

# of uploads :

# of downloads :

231

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/292594/

Detection(s):

Win.Ransomware.Wanna-9769986-0

Win.Ransomware.Wanacryptor-9942127-1

Win.Ransomware.WannaCry-6313787-0

Win.Malware.Djwy-6775897-0

Win.Ransomware.Wanna-6888334-0

Win.Malware.Djwy-6923377-0

Win.Exploit.Doublepulsar-7427328-0

Result

Verdict:

Malware

Maliciousness:

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd.exe greyware greyware overlay packed packed ransomware shell32.dll wanna wannacry worm

Link:

https://www.filescan.io/uploads/62d792e68fbcdde3605f25ad/reports/246f78ef-f6c3-4a71-a063-304edde75f2b/overview

Malware family:

Mimikatz

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/06bc370b-3fbf-410b-972c-044ae2d17ba1

Result

Threat name:

Wannacry

Detection:

malicious

Classification:

rans.troj.expl.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1037775

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bdf6cfd517d45156665c0a3481a54a201f45a503aaecb87392eb2647fcec82e5/

Threat name:

Win32.Ransomware.WannaCry

Status:

Malicious

First seen:

2018-05-07 07:30:10 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

34 of 41 (82.93%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xx3m7vix2rivmzs4bi2idjkkeapuljidvlwlq44s5mtep7hmqlsq._file

Verdict:

malicious

WannaCry

0ef3e12c837bd305c71966452aa170f20d4c3756a13308935a984e82bb76cc8b

WannaCry

268c5e3f3050d96c2fc80f38e7a81846bd799ba949d69f35bd2151e509189505

WannaCry

48fc9ccb42ec0234df4d4f41db1d0cb1e1fe6aa5e640c28625aa3d73e65d2856

WannaCry

4bf1fbbd994e86b9419d03ba4e930e2367837952ce603cbbed1d71750718c7c4

WannaCry

60b39d34b2089438db05f612a11f09e14fea05317ca2b4eb4f992b5be4d61103

WannaCry

8f86b42241e81b7461ba45fde82505332e4578663fdd20c2723a99863c34ad67

WannaCry

c74d4c435684c89f0f3ca6f18e75c3c2ae6f306ebb352d4246261650f15ef69a

WannaCry

f609bb63acb1c6d1ee19574550f83bb796af5ece4cab54a70f97534e8b1c478f

WannaCry

+ 350 additional samples on MalwareBazaar

Result

Malware family:

wannacry

Score:

10/10

Tags:

family:wannacry discovery ransomware worm

Link:

https://tria.ge/reports/220720-f6labacgdn/

Behaviour

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Drops file in Windows directory

Drops file in System32 directory

Creates a large amount of network flows

Contacts a large (1281) amount of remote hosts

Executes dropped EXE

Contacts a large (3277) amount of remote hosts

Wannacry

Unpacked files

SH256 hash:

bdf6cfd517d45156665c0a3481a54a201f45a503aaecb87392eb2647fcec82e5

MD5 hash:

98f13e6aad47d5efcc2801ab40b764af

SHA1 hash:

a265bc0755588f7d458141dc91ea23a578aa6c43

Link:

https://www.unpac.me/results/1e1ca9e8-a839-4faf-861e-4b04230951ea/

Malware family:

WannaCry

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/bdf6cfd517d4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/bdf6cfd517d45156665c0a3481a54a201f45a503aaecb87392eb2647fcec82e5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	malware_shellcode_hash Create hunting rule
Author:	JPCERT/CC Incident Response Group
Description:	detect shellcode api hash value

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	WannaCry_Ransomware Create hunting rule
Author:	Florian Roth (with the help of binar.ly)
Description:	Detects WannaCry Ransomware
Reference:	https://goo.gl/HG2j5T

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/292594/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample