General
Target: 2dcac9f48c3989619e0abd200beaae901852f751c239006886ac3ec56d89e3ef.zip
Size: 32KB
Sample: 210511-2a427zf7h2
MD5: a1e7adff1d6d454481ac1a6d557839f9
SHA1: 109f3c74fe116d1d332f859b311296bd5003cfe0
SHA256: e78e37c05ace408d63b3030f63ff9f5a482b8c44f4cb8cea319333936c91defb
SHA512: 49fea3a1dd51083ea64648465bb307f7ed3aa0a26f0df69295cb3c47aedbdc5d7a490a5bf2301b75fee7a681e48395c7b95ed0b169c101c7a9c89aae813eb6fb

Static task: static1

Behavioral task: behavioral1
Sample: 2dcac9f48c3989619e0abd200beaae901852f751c239006886ac3ec56d89e3ef.dll
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 2dcac9f48c3989619e0abd200beaae901852f751c239006886ac3ec56d89e3ef.dll
Resource: win10v20210408
Malware Config
Extracted
\Device\HarddiskVolume1\\README.70d4d153.TXT
darkside
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/ZWQHXVE7MW9JXE5N1EGIP6IMEFAGC7LNN6WJCBVKJFKB5QXP6LUZV654ASG7977V
Targets
Target: 2dcac9f48c3989619e0abd200beaae901852f751c239006886ac3ec56d89e3ef.dll
Size: 54KB
MD5: e5f0b7379f688e764214ecf647fead76
SHA1: 483c894ee5786704019873b0fc99080fdf1a0976
SHA256: 2dcac9f48c3989619e0abd200beaae901852f751c239006886ac3ec56d89e3ef
SHA512: 96bb2dac8ffa8ce025814e10d65ed77f4dcb712b03b7d206055839e3e4be243cb5f2176fee0d98f63dabc39bc78168f6d92a76d7c3e5da10473c20d51bf48ff9
Score: 10/10
- DarkSide: Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
- Blocklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry