General
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.zip
Size
29KB
Sample
210511-kjcs6wt8bx
MD5
ec9866eb862dc9d2b7e9fe6f4a052744
SHA1
67ef968cc72749f27a7f60cd99462f9ece1bce6a
SHA256
9c372b7d2656c5c58634d8053183fa2b7cb9da317314e08d299783cedb28c1b0
SHA512
55076f225eae1ce9610e0fe655bdf81e879e16c4d355cd6f52208dcff46f9f9e0ad8f34a03dbd7598408382304bbe07a2bd75f494d426fd11f7ea02027de4895
Static task
static1
Behavioral task
behavioral1
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.f2cbf9aa.TXT
darkside
http://darksidfqzcuhtk2.onion/OBB5DDMR8RB9DI2RYYF376YGBJAV2J4F2NXFEWPBSXY709MAA0MY7PMBBQJ0HVG3
Targets
Target
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a.exe
Size
30KB
MD5
f00aded4c16c0e8c3b5adfc23d19c609
SHA1
86ca4973a98072c32db97c9433c16d405e4154ac
SHA256
4d9432e8a0ceb64c34b13d550251b8d9478ca784e50105dc0d729490fb861d1a
SHA512
a2697c2b008af3c51db771ba130590e40de2b0c7ad6f18b5ba284edffdc7a38623b56bc24939bd3867a55a7d263b236e02d1f0d718a5d3625402f2325cbfbedf
Score
10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Sets desktop wallpaper using registry