General
Target: ut.bin.zip
Size: 225KB
Sample: 210529-mc7edj4l9j
MD5: 32071a01bb7728a15a0820eb77ca9280
SHA1: 9fa45b5c482d111e439524489edc6d6b3ef897a6
SHA256: 5205f30e5b0ff274c4bab8c647120b0226a898e449b3b114cfeecf4c9c12340e
SHA512: 29054631034d02cc2dc4a4d35abe039abafb1463ea72756c5b506d86ac9ddf5f33855d34e31108c3ab81b9e45f77707074f26c9d7dbf7027baea717c92460450
Static task: static1
Behavioral task: behavioral1
  Sample: ut.bin.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: ut.bin.exe
  Resource: win10v20210410
Malware Config
Extracted from: C:\\README.137cb6d5.TXT
Family: darkside
URLs:
  http://darksidedxcftmqa.onion/blog/article/id/6/dQDclB_6Kg-c-6fJesONyHoaKh9BtI8j9Wkw2inG8O72jWaOcKbrxMWbPfKrUbHC
  http://darksidfqzcuhtk2.onion/K71D6P88YTX04R3ISCJZHMD5IYV55V9247QHJY0HJYUXX68H2P05XPRIR5SP2U68
Targets
Target: ut.bin
Size: 226KB
MD5: c81dae5c67fb72a2c2f24b178aea50b7
SHA1: 4bd6437cd1dc77097a7951466531674f80c866c6
SHA256: 48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a
SHA512: 30d63e080f37f34fb29fd46f8fb1572d79f645154a002c8da5914ae3d51e224bc60601f91f5d58ac2ce9f81d56a8ad467d7fde55d429ed269df3c196e6687b2c
Score: 10/10
Signatures:
  DarkSide
    Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
  Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.
  Suspicious use of NtSetInformationThreadHideFromDebugger