General
-
Target
GlitchrollV2_UPDATED.rar
-
Size
9.4MB
-
Sample
240530-qqknysbc65
-
MD5
04c69c43747f2f583a46b546b718bb32
-
SHA1
9cd561e13af9479ba74a86416d218425bcbf7a66
-
SHA256
9e7a8780a67bbb7153e1d0028009f4b9be9c7f7a62c2566e221bc81a57c28a05
-
SHA512
daab355dd8d8b9759b21ff179c2dd7350a16b0266c2201ac92c1b4ac1a3e99305a7f8d949990f0332132a1213c507483cfd967e3bb178bf713a377b38c62084e
-
SSDEEP
196608:w3SQae1xlRLLtd61sN7up52/y1X52lMEViRd/9Ti/s+Y:Cai3RLRM1sN7ueO5DEs//9Tiw
Static task
static1
Behavioral task
behavioral1
Sample
GlitchrollV2_UPDATED.rar
Resource
win11-20240419-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
wannacry
12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Targets
Target
GlitchrollV2_UPDATED.rar
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1