General

Target: 6485573600313344.zip
Size: 32KB
Sample: 210511-xd33qnt5jn
MD5: 111972e29a339879909e8aa6cd89da90
SHA1: 3cdf46a6d5f061f533c79b351ab141693c21679b
SHA256: 6fb9ed70b110771d404e6b704b9b3b00a5b6ba8f489b747894f13c71e112aa1e
SHA512: fa106d9bf4aa93d7a8f72cef7ffc998b960fdbe59776595661f1da47cec544d98ede5683ac8c9ea779d1369cef87ae00bc71ce692570dfca233515907e694d74
Static task: static1

Behavioral task: behavioral1
Sample: b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4.exe
Resource: win10v20210410
Malware Config

Extracted from: C:\README.53411c86.TXT
Family: darkside
URL: http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/M4WA6U5QSGE711NVT9KYCULLHIMHCD9KVO20MKU2NJ6KS4E5PS1VJ5JVISJMC1YE
Targets

Target: b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4
Size: 56KB
MD5: f913d43ba0a9f921b1376b26cd30fa34
SHA1: fd18c95cba3d2c31976605f680ad4b4308090b55
SHA256: b6855793aebdd821a7f368585335cb132a043d30cb1f8dccceb5d2127ed4b9a4
SHA512: 4f7cad482394d88062e23e3c96025d63c0ae357ff56e475f0e7418718023f1f816cfa48fec0ca7a0b167485b86079519229575afebe748b98833bb7063757d1b
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory

Sets desktop wallpaper using registry
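The extracted config above (a ransom note at C:\README.53411c86.TXT carrying an .onion URL) and the "Modifies extensions of user files" signature are what a responder sees first on a victim host. The following is an added example, not part of this sandbox report and not DarkSide or vendor code: a small triage script that locates DarkSide-style notes, pulls the operator's .onion URLs out of them, and counts files carrying the appended victim-ID extension. It assumes, as widely reported for DarkSide but not stated on this page, that the note is named README.<id>.TXT and that the same 8-hex-character <id> is appended as the extension of every encrypted file. The note body and the victim file tree it builds are constructed; only the note path and the .onion URL come from the report.

```python
"""Triage helper for a host hit by DarkSide-style ransomware.

Added example; not part of the sandbox report and not DarkSide or vendor
code. Assumptions (not stated on the page): DarkSide names its note
README.<id>.TXT and appends the same 8-hex-character <id> as the extension
of every file it encrypts. The note body below is constructed; only its
path (C:\\README.53411c86.TXT) and the .onion URL come from the report.
"""
import re
import tempfile
from pathlib import Path

NOTE_NAME_RE = re.compile(r"^README\.([0-9a-f]{8})\.TXT$", re.IGNORECASE)
# Tor hostnames are base32: 16 chars for v2, 56 for v3; path segments optional.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion(?:/[A-Za-z0-9_-]+)*/?")


def find_notes(root):
    """Return {victim_id: [note paths]} for every ransom note under root."""
    notes = {}
    for p in root.rglob("*"):
        m = NOTE_NAME_RE.match(p.name) if p.is_file() else None
        if m:
            notes.setdefault(m.group(1).lower(), []).append(p)
    return notes


def extract_onion_urls(text):
    """Pull the operator's .onion contact URLs out of a note body."""
    return sorted(set(ONION_RE.findall(text)))


def count_encrypted(root, victim_id):
    """Count files carrying the appended .<victim_id> extension."""
    suffix = "." + victim_id.lower()
    return sum(1 for p in root.rglob("*")
               if p.is_file() and p.name.lower().endswith(suffix))


def triage(root):
    """Summarise notes, encrypted-file count and onion URLs per victim id."""
    summary = {}
    for vid, paths in find_notes(root).items():
        urls = set()
        for p in paths:
            urls.update(extract_onion_urls(p.read_text(errors="replace")))
        summary[vid] = {
            "notes": len(paths),
            "encrypted_files": count_encrypted(root, vid),
            "onion_urls": sorted(urls),
        }
    return summary


def build_sample_tree(root):
    """Constructed victim file tree for the demo (not real forensic data)."""
    note = (
        "Your computers and servers are encrypted, backups are deleted.\n"
        "Contact: http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd"
        ".onion/M4WA6U5QSGE711NVT9KYCULLHIMHCD9KVO20MKU2NJ6KS4E5PS1VJ5JVISJMC1YE\n"
    )
    (root / "README.53411c86.TXT").write_text(note)
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    (docs / "README.53411c86.TXT").write_text(note)  # note is dropped per directory
    (docs / "q3-report.xlsx.53411c86").write_bytes(b"\x00" * 64)
    (docs / "notes.txt.53411c86").write_bytes(b"\x00" * 64)
    (docs / "untouched.txt").write_text("still plaintext\n")


def demo():
    """Build the constructed tree in a temp dir and triage it."""
    root = Path(tempfile.mkdtemp(prefix="darkside-triage-"))
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    for vid, info in demo().items():
        print(vid, info)
```

On a real host, point triage() at the mounted volume root rather than the demo tree; the victim ID it recovers is the value to search for across other hosts and in file-server audit logs, and the .onion URLs are the indicators to add to the case file.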