{"id":"58a7e2f088cb22dba94ec1ebf9aad4ac","title":"WannaCry — WannaCry · ransomware · PE","md5":"58a7e2f088cb22dba94ec1ebf9aad4ac","sha256":"b15fabb4f73fff2dd8dbb1a58e46423e9d33d985af34880d17e410b9ecd6bc47","family":"WannaCry","apt":"Lazarus(APT38)","verdict":null,"sample_type":"ransomware","lang":"C","file_format":"PE","compiler":"Microsoft Visual C/C++ 16.00.40219 (MSVC 2010 SP1)","published_at":"2026-07-03T16:00:00.000Z","summary":"Confirmed WannaCry ransomware (b15fabb4), Lazarus/APT38 attribution. Kill switch domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com verified. In sandbox: DNS NXDOMAIN → kill switch not triggered → full encryption confirmed. Screenshots capture ransomware GUI at t=15-60s. Kill switch uses DnsQuery_W() + InternetOpenUrlW() → ExitProcess(0) self-destruct chain.","url":"https://zseceye.com/report/58a7e2f088cb22dba94ec1ebf9aad4ac","json_url":"https://zseceye.com/report/58a7e2f088cb22dba94ec1ebf9aad4ac.json","html_url":"https://zseceye.com/report/58a7e2f088cb22dba94ec1ebf9aad4ac","hash_urls":{"md5":"https://zseceye.com/hash/58a7e2f088cb22dba94ec1ebf9aad4ac","sha256":"https://zseceye.com/hash/b15fabb4f73fff2dd8dbb1a58e46423e9d33d985af34880d17e410b9ecd6bc47"},"search_urls":{"md5":"https://zseceye.com/?q=58a7e2f088cb22dba94ec1ebf9aad4ac","sha256":"https://zseceye.com/?q=b15fabb4f73fff2dd8dbb1a58e46423e9d33d985af34880d17e410b9ecd6bc47"},"sample_download_url":"https://zseceye.com/report/58a7e2f088cb22dba94ec1ebf9aad4ac/sample","sample_filename":"b15fabb4.zip","iocs":[],"ips":[]}