General
-
Target
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.zip
-
Size
32KB
-
Sample
210524-jthfk3xeba
-
MD5
daa5b50029730a43f6740cc5376aac24
-
SHA1
4f798a9c38b31913afd69eb22dd4658ece92cd83
-
SHA256
d3fa6ed8458e92bc814627d58d04d29b1e79b3ab9dcd90b50c87f9d4503ef9f0
-
SHA512
87d243ffbe4ea98bef03f2c41f2189f2ddbdba3f137c2ff09d79ad384a3b82ffc023d100aa6ee6886c935fe6170efad0cb866499dc1f204f2e59dddd2f6833e6
Static task
static1
Behavioral task
behavioral1
Sample
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
Resource
win10v20210408
Malware Config
Extracted
C:\\README.53411c86.TXT
darkside
http://dark24vx6fsmdrtbzdzjv6ckz4yqyued4uz455oqpctko7m6vbrzibad.onion/1SJ1TB6JTW4SEUG6GSN7IVSGERSM5H5M2VZOHQ4PSIVS2AGAQDMT3QVGIFMPM3K8
Targets
Target
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5.exe
-
Size
56KB
-
MD5
9b5350ddf895a5051b90a1cc563753df
-
SHA1
0e45a5f66f5ce300b8c7135450e76afaccc0d332
-
SHA256
2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5
-
SHA512
b96a1d383ca4721e3a0481399eb6dee0c1573e1c07140b7ec57c808b89cc6790937e6a7d49c960639a79c5a1bf1595e05834c6ae42c1c6933d2537fb38eaa190
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry