I have put together a little "petri dish" test environment and started looking for a sample that has the exploit. Some samples out there simply do not have the exploit code, and even though they will encrypt the files locally, and sometimes the mounted shares too, they would not spread.
Luckily, I have found this nice blog post from McAfee Labs: https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/ with the reference to the sample SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c (they keep referring to samples with MD5, which is still a very-very bad practice, but the hash is MD5: DB349B97C37D22F5EA1D1841E3C89EB4)
I got the sample from the VxStream Sandbox site, dropped it in the test environment, and monitored it with Security Onion. I was super happy to see it spreading, despite the fact that for the first run my Windows 7 x64 VM went to BSOD as the EternalBlue exploit failed.
But the second run was a full success: all my Windows 7 VMs got infected. Brad was so kind and made a guest blog post at one of my favorite sites, www.malware-traffic-analysis.net, so you can find the pcap, description of the test environment and some screenshots here: http://malware-traffic-analysis.net/2017/05/18/index2.html