General
Target: 223431c0_by_Libranalysis
Size: 32KB
Sample: 210511-l8sndkch12
MD5: 223431c08d2c6777f1c322b83c549169
SHA1: 0e53ae6d6f1cb02ecc8f18b1ed3f6cb25ea6e093
SHA256: 292957f5f4838bf6e9fd7fbdb3b66019a22e0c9ed87d83f53c80abe4354d3333
SHA512: b295621770f1ccdc873221aada90c3a75d1fc56c182d4900e493d9c3cc632f060bb3b1fd831361d08a35e5c4e45ffae07127e188a4d2ffe6c8561bf30b895c6a
Static task: static1
Behavioral task: behavioral1
  Sample: 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.dll
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.dll
  Resource: win10v20210408
Malware Config
Extracted: C:\\README.949640ab.TXT
darkside
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/ZWQHXVE7MW9JXE5N1EGIP6IMEFAGC7LNN6WJCBVKJFKB5QXP6LUZV654ASG7977V
Targets
Target: 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.dll
Size: 54KB
MD5: f587adbd83ff3f4d2985453cd45c7ab1
SHA1: 2715340f82426f840cf7e460f53a36fc3aad52aa
SHA256: 156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673
SHA512: 37acf3c7a0b52421b4b33b14e5707497cfc52e57322ad9ffac87d0551220afc202d4c0987460d295077b9ee681fac2021bbfdebdc52c829b5f998ce7ac2d1efe
Score: 10/10
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry