General
Target: Discord-Nitro-Generator-and-Checker-main (1).zip
Size: 138KB
Sample: 240509-qt6etscb2s
MD5: 27cb01bbd9a4c072c5a11a5696ef3884
SHA1: 45edd6031dd4e6f68f7dcdd42930000201afdd6b
SHA256: aba7c2b7ebc6c30c640d0b9560a39411e91862434633d049b8195ee64ef42686
SHA512: d44d1bfd471776fa42ec62e804ccad968624cb8ca167b770d0ae0169e3418c3a4a173ac420d3d7c4376ce849a6b9564458bd79de449e146474da566cbb9eba09
SSDEEP: 3072:ychFzSbABmPNGPgskDECWfqou2Ofdn/60y7nW7MyhG97p/2RwAh:rLzSb3PN0gs6TWfqonOloYG9deRwAh
Static task: static1
Behavioral task: behavioral1
Sample: Discord-Nitro-Generator-and-Checker-main/main.py
Resource: win10v2004-20240508-fr
Malware Config
Extracted
C:\Users\Admin\Desktop\WannaCry-master\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
Target: Discord-Nitro-Generator-and-Checker-main/main.py
Size: 9KB
MD5: 9e5ae8700307a28c5dce70de7cbac0ca
SHA1: 6b1d93b55b999d0b26b892c8e04feeaf135a335b
SHA256: 0cea085efa84ce9984c3309af33bc0d5fb80805234640488b7e0ced2294f46b6
SHA512: 5e010795ecb62ea5446df604d7af8d940ed6e1746322eaf0744a9b72053936eaa690c50ee5fb35e26560f98283aff124661d51f643cf3d99551325c4c0952709
SSDEEP: 192:E3RHnPQYk2aPybZNYwxWxf5eJofzreVydW390Rgd6VJEZKZ2cWPay:E3ZPoSWi390aYUL99
Deletes shadow copies: Ransomware often targets backup files to inhibit system recovery.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)