General
-
Target
1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a
-
Size
60KB
-
Sample
210513-2rec2y3gyx
-
MD5
c4da0137cbb99626fd44da707ae1bca8
-
SHA1
a38e9891152755d9e7fff7386bb5a1bca375bd91
-
SHA256
1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a
-
SHA512
dd8212ff73522c6590ff8d8a3a48276fd872649eada2315b045c8c9f6cf054c3fe6cd741a16744eb82eff763acb745f07336c44db8f0c693770180cf7fd90645
Static task
static1
Behavioral task
behavioral1
Sample
1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.949640ab.TXT
darkside
http://darksidedxcftmqa.onion/blog/article/id/6/dQDclB_6Kg-c-6fJesONyHoaKh9BtI8j9Wkw2inG8O72jWaOcKbrxMWbPfKrUbHC
http://darksidfqzcuhtk2.onion/K71D6P88YTX04R3ISCJZHMD5IYV55V9247QHJY0HJYUXX68H2P05XPRIR5SP2U68
Targets
-
Target
1d4c0b32aea68056755daf70689699200ffa09688495ccd65a0907cade18bd2a
-
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-