General
Target: 4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e.zip
Size: 5.8MB
Sample: 210514-b67cd47dw2
MD5: c64db974a38135cfab8cc41659fad61d
SHA1: 56d377ed1e91206f4ffe0626e6d9d8d015ec55be
SHA256: b964f940d3f2c52dd102009d98512929da73cb6e180c4db7b4def3faa29911fc
SHA512: 75eabecc046a7083fbcdc2ead8d4f1761f166c56938402c8bb07fe5f8857bd93205699e4ca5c5b812c49ebf0dfe962603d7df4c7cbd9998498c79227841cc3f0
Static task: static1
Behavioral task: behavioral1
Sample: 4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e.exe
Resource: win10v20210410
Malware Config
Extracted
C:\\README.f2cbf9aa.TXT
darkside
http://darksidfqzcuhtk2.onion/CZEX8E0GR0AO4ASUCJE1K824OKJA1G24B8B3G0P84LJTTE7W8EC86JBE7NBXLMRT
Targets
Target: 4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e.exe
Size: 5.9MB
MD5: 794c5aa1b0e1f9cf2fc7fe5f22117c3f
SHA1: 1821fe210298b1d22b25f1a544abcfe092999ff7
SHA256: 4098b54c9d27b00ce34d04ffac24213ed28993a2854827851b157d63407c2e4e
SHA512: 28c186359035e3f4bc5b4f0420c1e72de5e16fc3fa3b8d41316dd59739c552c810e180feff4637f25696f59b291b7cc00d66d969a4e7d2f460ec4471b1ad83cf
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Deletes itself

Sets desktop wallpaper using registry