WannaCry - invoice_greenanimals.pdf.exe
The WannaCry-family executable checks a hardcoded kill-switch domain and, if unresolved, encrypts user files, deletes backups, and propagates laterally via SMB while establishing persistence through Windows services and registry modifications. It disables recovery options, uses anti-debugging and service-disguise techniques for stealth, and aggressively scans the internal network to maximize disruption and data loss.
Updated 15 February 2026
Difficulty Medium