General
- Target: DiscordSetup.exe
- Size: 46.3MB
- Sample: 240510-thcj6ahb35
- MD5: f6a8dca61c984137f9df99826747caca
- SHA1: dba1c4a8ad77fb6afd47f4b98a6e10b5e2bcc785
- SHA256: 990803c15c5f42bdf81e7e8a0344d8ad08d6628ef06841b10fa0dd2697e1194b
- SHA512: b230e1c6d91c3749fa15a30595b7172303e5b2bc01febab52018e08872da28952b67788f8e911cc9141bb70d8fc2485d36fb81c24b04621a3ce5860caac0edc0
- SSDEEP: 786432:SMEnRtpu84z8+IElBn5ydGZpM+NaW041cAySCq8j21XntkNGQjkqWJWqfetxTwBp:3+LWbIED5yIZfNaWsW1oGskfoqGtxTvY
Static task: static1
Behavioral task: behavioral1
- Sample: DiscordSetup.exe
- Resource: win10v2004-20240508-en
Malware Config
- Extracted from: C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
- Family: wannacry
- Wallet: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
- Deletes shadow copies: ransomware often targets backup files to inhibit system recovery.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
- Privilege Escalation (1): Boot or Logon Autostart Execution, Registry Run Keys / Startup Folder (1)