General
-
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.zip
-
Size
29KB
-
Sample
210511-a85d5jca7n
-
MD5
da025db3abf5e081a1b12b4a6d8c1fa0
-
SHA1
ddae46f5f18e2d16ebf125d877d93a4f8af418a8
-
SHA256
390cd3eb4070a67ece4e161609796ad2acaab76a6bf8d133a75d687bff0f17c4
-
SHA512
d06dab7bd9d9520136ac8ca024c973a468f3d7e0f78d946660322fb7f44a076ed371bed871f3489c823fb66692902778f61a5c9c637699d4e7244f78a9c5c9e9
Static task
static1
Behavioral task
behavioral1
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.f2cbf9aa.TXT
darkside
http://darksidfqzcuhtk2.onion/OBB5DDMR8RB9DI2RYYF376YGBJAV2J4F2NXFEWPBSXY709MAA0MY7PMBBQJ0HVG3
Targets
-
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
-
Size
30KB
-
MD5
f00aded4c16c0e8c3b5adfc23d19c609
-
SHA1
86ca4973a98072c32db97c9433c16d405e4154ac
-
SHA256
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a
-
SHA512
a2697c2b008af3c51db771ba130590e40de2b0c7ad6f18b5ba284edffdc7a38623b56bc24939bd3867a55a7d263b236e02d1f0d718a5d3625402f2325cbfbedf
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-