General
Target: DiscordBotClient-win-x64.exe
Size: 82.8MB
Sample: 240522-2928wscg75
MD5: e02a387a80c06e5922d30a369edaa20c
SHA1: 07b8a90d2da366b81642cf20b6256ee1e2e62f97
SHA256: c7ba08a51c4fd3a44351eaac1a0dfa086fec4ac534630be71545584745d818cc
SHA512: dc24c18b8602a372da02b47a8e795074df0eeefdc3cd4f728ec84458d1c16bc822dea1b655eb35c25f3df20a743a607e239d03480af302e588d30409ace39996
SSDEEP: 1572864:/+e4hdTkPnN++TYdbUAgX2+fDV1NzLFcYse11KVBj1mD0h20pwR5UQWFHU:/+e4DQ1++gUAE2OJXFxsM12jYD0h20cf
Static task: static1
Behavioral task: behavioral1
Sample: DiscordBotClient-win-x64.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: DiscordBotClient-win-x64.exe (size and hashes identical to those listed under General above)
Score: 9/10
- Renames multiple (253) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory