General
-
Target
151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5
-
Size
59KB
-
Sample
210518-trhasvtxns
-
MD5
9d418ecc0f3bf45029263b0944236884
-
SHA1
eeb28144f39b275ee1ec008859e80f215710dc57
-
SHA256
151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5
-
SHA512
82ced42a32f18ede4358459e08bed1adff85d49c952aca7a086571c5b71fd8b3185ea4306abd1f4e639a12f11161f43c73bf6049d76902d365c5a5e4c7e71f3d
Static task
static1
Behavioral task
behavioral1
Sample
151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.341d6443.TXT
darkside
http://darksidfqzcuhtk2.onion/CZEX8E0GR0AO4ASUCJE1K824OKJA1G24B8B3G0P84LJTTE7W8EC86JBE7NBXLMRT
Targets
Target
151fbd6c299e734f7853497bd083abfa29f8c186a9db31dbe330ace2d35660d5
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Sets desktop wallpaper using registry
-