General
Target: DArkS.bin
Size: 61KB
Sample: 210708-3s8f8amfk6
MD5: c8873191fe599cde49491443b47eb036
SHA1: b11def82d23f4c4883cf13b41de4cc2c8c5cc92f
SHA256: b565e9266717161163e884793dc1004f9f2ca94ab0533df9c167d5d188cebf2f
SHA512: 2652dc435b148ac4af0dbb9edd8ceab711a540f4e6459fa78b95a5627a8e73e7bd27b601148262db0596699682a8a2e193dc3b2ba0bb9312cdb79c0563aff974
Static task: static1
Behavioral task: behavioral1
Sample: DArkS.bin.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: DArkS.bin.exe
Resource: win10v20210408
Malware Config
Extracted
C:\\README.53411c86.TXT
darkside
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/MYM57PZKKZKVJWS2PAFUZ4ZUZRK3JW4O1VQBMFON3RZIMKZ9CGVFLH2HV089EGT5
Targets
Target: DArkS.bin
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Sets desktop wallpaper using registry