General
Target: 2.exe
Size: 40KB
Sample: 210511-y667dr645s
MD5: 78d080e27c4e75fbd8945af34a338958
SHA1: dfc4f8f01c18e8b9979ea1d5f67a2165a9de1e5d
SHA256: 973dfafc3051d8c2849f62c556ab8057da706f15d1ffd8871de894ae3a24d86b
SHA512: a69fb8dd38bef3286173e9c86fa61435eb0b690d321488acbf3a986373bfffd90b256a4e57403686b72f8b3e998d506b4b80c2220b2570bdb425c543caa4bdc3
Static task: static1
Behavioral task: behavioral1
Sample: 2.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 2.exe
Resource: win10v20210408
Malware Config
Extracted
C:\\README.ff92ae65.TXT
darkside
http://darksidedxcftmqa.onion/blog/article/id/6/dQDclB_6Kg-c-6fJesONyHoaKh9BtI8j9Wkw2inG8O72jWaOcKbrxMWbPfKrUbHC
http://darksidfqzcuhtk2.onion/K71D6P88YTX04R3ISCJZHMD5IYV55V9247QHJY0HJYUXX68H2P05XPRIR5SP2U68
Targets
Target: 2.exe
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.