[SAMPLE] Ransomware.WannaCry
#1
I believe this to be the original sample. There have been multiple strains emerging lately as the malware is adapted by others. Cylance has stated that they've seen at least 27 unique hashes for WannaCry malware.

https://github.com/ytisf/theZoo/tree/c4f...e.WannaCry
#2
Very nice share, seems interesting. Also a good repo for all kinds of malware. Just noticed they even have a copy of a part of the Stuxnet virus.

Will look into this soon, will be interesting to see how they coded it.
#3
(05-22-2017, 01:15 PM)Bish0pQ Wrote: Very nice share, seems interesting. Also a good repo for all kinds of malware. Just noticed they even have a copy of a part of the Stuxnet virus.

Will look into this soon, will be interesting to see how they coded it.

inb4 h4ck3d.
#4
(05-22-2017, 01:15 PM)Bish0pQ Wrote: Very nice share, seems interesting. Also a good repo for all kinds of malware. Just noticed they even have a copy of a part of the Stuxnet virus.

Will look into this soon, will be interesting to see how they coded it.

Yes, theZoo is a bit of a treasure trove for those needing samples to analyze and learn from.
#5
If you haven't seen the live map of WannaCry yet, here it is: https://intel.malwaretech.com/pewpew.html

I read online that WannaCrypt was designed with a kill switch if a certain domain was taken. I haven't personally looked into the worm yet but I plan to.
Anyways, I guess the guys at MalwareTech took control of the domain that WannaCrypt uses. They are now using it to somehow track the infection rate.

This is as far as I know, correct me if I'm wrong. I'm interested but do not have much time on my hands these days.
#6
(05-23-2017, 07:18 AM)Sith Wrote: ...

To give you a quick summary, yes, @MalwareTechBlog is a malware researcher who got his hands on a sample. In reverse engineering it, he noted a domain name in the code that was not registered. He had no idea what registering the domain would do. Effectively, it was a kill switch that stopped the spread of the malware. He and the team he works for elected to sinkhole the domain and have been monitoring its traffic.