General
-
Target
b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.bin
-
Size
56KB
-
Sample
210510-gtfk73snsx
-
MD5
f913d43ba0a9f921b1376b26cd30fa34
-
SHA1
fd18c95cba3d2c31976605f680ad4b4308090b55
-
SHA256
b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4
-
SHA512
4f7cad482394d88062e23e3c96025d63c0ae357ff56e475f0e7418718023f1f816cfa48fec0ca7a0b167485b86079519229575afebe748b98833bb7063757d1b
Static task
static1
Behavioral task
behavioral1
Sample
b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.bin.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.bin.exe
Resource
win10v20210408
Malware Config
Extracted
C:\README.949640ab.TXT
darkside
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/M4WA6U5QSGE711NVT9KYCULLHIMHCD9KVO20MKU2NJ6KS4E5PS1VJ5JVISJMC1YE
Targets
-
-
Target
b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.bin
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-