Welcome to Comrade Olamilekan's World...

Meet One of Nigeria's youngest and finest speakers that blows your mind with factual and odouriferous write ups in line with relationship issues,educational issues,entertainment news amongst others

Friday, 28 August 2020

perPage: 7,

Pcap Of Wannacry Spreading Using EthernalBlue

Saw that a lot of people were looking for a pcap with WannaCry spreading Using EthernalBlue.

I have put together a little "petri dish" test environment and started looking for a sample that has the exploit. Some samples out there simply do not have the exploit code, and even tough they will encrypt the files locally, sometimes the mounted shares too, they would not spread.

Luckily, I have found this nice blog post from McAfee Labs: https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/ with the reference to the sample SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c (they keep referring to samples with MD5, which is still a very-very bad practice, but the hash is MD5: DB349B97C37D22F5EA1D1841E3C89EB4)

Once I got the sample from the VxStream Sandbox site, dropped it in the test environment, and monitored it with Security Onion. I was super happy to see it spreading, despite the fact that for the first run my Windows 7 x64 VM went to BSOD as the EthernalBlue exploit failed.

But the second run was a full success, all my Windows 7 VMs got infected. Brad was so kind and made a guest blog post at one of my favorite sites, www.malware-traffic-analysis.net so you can find the pcap, description of the test environment and some screenshots here: http://malware-traffic-analysis.net/2017/05/18/index2.html

Related posts


Related Posts:

  • NEIGHBORS ARE TIRED OF OUR MOANINGA Nigerian entertainer based in Cyprus, Omega Humez has taken a swipe at those ladies who refuse to greet or chat with guys they admire on social media. The father of one who shared photos of him kissing his partner revealed … Read More
  • 5 MOST POWERFUL AND MAGICAL WORDSThere are Five Magic words Every human being should know ,Be not confused with the word Magic , With magic In it some peeps will be thinking of Words like “Abracadabra” , “Depay odotha arisam quicum” ,… Read More
  • See the beautiful pictures taking with a tecno phone on a tour to Ibadan Ibadan, Oyo state was one of the cities we visited during the # C9ja tour and we got to see the famous Mapo Hall . Mapo Hall is one of the most significant historical monuments in Ibadan. Located on Mapo hill, this imposing a… Read More
  • Make Money By Designing Your Own Power Bank T he development of cellular phones in Federal Republic of Nigeria request US to devour a whole lot of strength to rate our cell phones and gadgets. On the off chance which you simply dwell in Federal Republic of Nigeria you … Read More
  • Enforcement Of Ban On Hawking In Lagos Starts Today Lagos—Following the directive by Governor, Akinwunmi Ambode of Lagos State on the enforcement of Law against hawking in the state, most streets and highways at the weekend seemed deserted by traders for fear of being a… Read More

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive

GET THE LOVE OF YOUR LIFE

Popular Posts

Recent Posts

Copyright © 2025 Welcome to Comrade Olamilekan's World... | Powered by Blogger