General
-
Target
9b5350dd_by_Libranalysis
-
Size
56KB
-
Sample
210519-lnb6h4zqj2
-
MD5
9b5350ddf895a5051b90a1cc563753df
-
SHA1
0e45a5f66f5ce300b8c7135450e76afaccc0d332
-
SHA256
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5
-
SHA512
b96a1d383ca4721e3a0481399eb6dee0c1573e1c07140b7ec57c808b89cc6790937e6a7d49c960639a79c5a1bf1595e05834c6ae42c1c6933d2537fb38eaa190
Static task
static1
Behavioral task
behavioral1
Sample
9b5350dd_by_Libranalysis.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
9b5350dd_by_Libranalysis.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.aeef1a75.TXT
darkside
http://dark24vx6fsmdrtbzdzjv6ckz4yqyued4uz455oqpctko7m6vbrzibad.onion/1SJ1TB6JTW4SEUG6GSN7IVSGERSM5H5M2VZOHQ4PSIVS2AGAQDMT3QVGIFMPM3K8
Targets
-
-
Target
9b5350dd_by_Libranalysis
-
Size
56KB
-
MD5
9b5350ddf895a5051b90a1cc563753df
-
SHA1
0e45a5f66f5ce300b8c7135450e76afaccc0d332
-
SHA256
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5
-
SHA512
b96a1d383ca4721e3a0481399eb6dee0c1573e1c07140b7ec57c808b89cc6790937e6a7d49c960639a79c5a1bf1595e05834c6ae42c1c6933d2537fb38eaa190
Score10/10-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-