WannaCry (also known as WCry or WanaCryptor) malware is a self-propagating (worm-like) ransomware that spreads through internal networks and over the public internet by exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, MS17-010. The WannaCry malware consists of two distinct components, one that provides ransomware functionality and a component used for propagation, which contains functionality to enable SMB exploitation capabilities. The malware leverages an exploit, codenamed “EternalBlue”, that was released by the Shadow Brokers on April 14, 2017.

The malware appends encrypted data files with the .WCRY extension, drops and executes a decryptor tool, and demands $300 or $600 USD (via Bitcoin) to decrypt the data. The malware uses encrypted Tor channels for command and control (C2) communications.

Table 1: File characteristics

Persistence Mechanism

The malware creates the following two registry run keys to ensure persistence:

Key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

The malware creates the following service to ensure persistence of mssecsvc.exe:

DisplayName: Microsoft Security Center (2.0) Service

The malware creates the following service to ensure persistence of tasksche.exe
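A triage check built from the persistence indicators above, added here as an example (it is not code from the original report): it parses saved `reg query` output for the two Run keys and a JSON export of Win32_Service records, and flags entries whose executable is tasksche.exe or mssecsvc.exe or whose DisplayName matches the one listed. The sample paths, value names and service names are constructed.

```python
import json
import ntpath
import re

# Indicators stated in the report text above.
IMAGE_NAMES = {"tasksche.exe", "mssecsvc.exe"}
SERVICE_DISPLAY_NAME = "microsoft security center (2.0) service"
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def image_name(command):
    """Lower-cased executable file name from a Run value or service PathName."""
    command = command.strip()
    # Quoted path first; otherwise cut after the first ".exe" to drop arguments.
    m = re.match(r'"([^"]+)"|(.*?\.exe)\b', command, re.I)
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path).lower()

def scan_run_keys(reg_text):
    """Parse `reg query` output; return (key, value name, data) for matches."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and key.lower().rstrip("\\").endswith(RUN_KEY_SUFFIX):
            m = VALUE_LINE.match(line)
            if m and image_name(m.group(3)) in IMAGE_NAMES:
                hits.append((key, m.group(1), m.group(3)))
    return hits

def scan_services(services_json):
    """Check Win32_Service records (Name, DisplayName, PathName) exported as JSON."""
    hits = []
    for svc in json.loads(services_json):
        display = (svc.get("DisplayName") or "").strip().lower()
        image = image_name(svc.get("PathName") or "")
        if display == SERVICE_DISPLAY_NAME or image in IMAGE_NAMES:
            hits.append(svc["Name"])
    return hits

# Constructed sample input: paths, value names and service names are made up.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Sample Updater    REG_SZ    "C:\Program Files\Sample\updater.exe" /background
    example_value    REG_SZ    "C:\Sample Dir\TASKSCHE.EXE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    example_hklm    REG_SZ    C:\Sample\mssecsvc.exe"""
SAMPLE_SERVICES = r"""[{"Name": "svc_a", "DisplayName": "Microsoft Security Center (2.0) Service", "PathName": "C:\\Sample\\renamed.exe"},
 {"Name": "svc_b", "DisplayName": "Print Spooler", "PathName": "C:\\Windows\\System32\\spoolsv.exe"},
 {"Name": "svc_c", "DisplayName": "Sample", "PathName": "C:\\Sample\\tasksche.exe /arg"}]"""
```

A match on file name or display name alone is a lead for further examination of the host, since either can be changed.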