Pcap Of WannaCry Spreading Using EternalBlue
Saw that a lot of people were looking for a pcap with WannaCry spreading using EternalBlue.
I have put together a little "petri dish" test environment and started looking for a sample that has the exploit. Some samples out there simply do not have the exploit code, and even though they will encrypt the files locally, sometimes the mounted shares too, they would not spread.
Luckily, I have found this nice blog post from McAfee Labs: https://securingtomorrow.mcafee.com/mcafee-labs/analysis-wannacry-ransomware/ with the reference to the sample SHA256: 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c (they keep referring to samples with MD5, which is still a very, very bad practice, but the hash is MD5: DB349B97C37D22F5EA1D1841E3C89EB4).
Once I got the sample from the VxStream Sandbox site, I dropped it in the test environment and monitored it with Security Onion. I was super happy to see it spreading, despite the fact that for the first run my Windows 7 x64 VM went to BSOD as the EternalBlue exploit failed.
But the second run was a full success: all my Windows 7 VMs got infected. Brad was so kind and made a guest blog post at one of my favorite sites, www.malware-traffic-analysis.net, so you can find the pcap, description of the test environment and some screenshots here: http://malware-traffic-analysis.net/2017/05/18/index2.html