General
Target: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef
Size: 1.1MB
Sample: 201125-51ajk8pa9s
MD5: ec0e75c477fc54c92c47788bb9ccc034
SHA1: c7f2264d27ac44beb66f13d383f5ad6671750af0
SHA256: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef
SHA512: db0408032dc4aade2533feb5261d2688c14a96e572712d45d4d7d6f30895061da8b76cabbbbb4ba9b93d2dda3c26f9d878d4c7c8c5e6df54958875dfad1bc740
Static task: static1
Behavioral task: behavioral1
  Sample: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef.exe
  Resource: win10v20201028
Malware Config
Extracted from: C:\README.07ffd50c.TXT
darkside
http://darksidedxcftmqa.onion/blog/article/id/6/dQDclB_6Kg-c-6fJesONyHoaKh9BtI8j9Wkw2inG8O72jWaOcKbrxMWbPfKrUbHC
http://darksidfqzcuhtk2.onion/K71D6P88YTX04R3ISCJZHMD5IYV55V9247QHJY0HJYUXX68H2P05XPRIR5SP2U68
Targets
Target: f42bcc81c05e8944649958f8b9296c5523d1eb8ab00842d66530702e476561ef
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Suspicious use of NtSetInformationThreadHideFromDebugger