General
-
Target
DarkSide.zip
-
Size
33KB
-
Sample
210824-dketk6axse
-
MD5
e83dafb4cb5cf5bbc35054b3c6d9912a
-
SHA1
671476f021977ae40956e05fbfb036454878eab6
-
SHA256
2d9d3e85f156f520023789e6d1a8df740da3f5962eb9f8da036a111ac737f994
-
SHA512
899f01471d45b1038c33ba009033d491d45d3a2a8737a98720de2678e29c23bbbe9e7014b6cc6ea5c00c84e17bc3748cdc3906ead40820ed77f641d946293d42
Static task
static1
Behavioral task
behavioral1
Sample
f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
Resource
win10v20210410
Malware Config
Extracted
C:\\README.53411c86.TXT
darkside
http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM
Targets
-
-
Target
f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4.exe
-
Size
56KB
-
MD5
3f2cb535fc5bc296aa5b0d2897c265d0
-
SHA1
c30358563fa940eb5cd6064d4d16defee43b0310
-
SHA256
f3f25af554bedfa4ee2824bb858280282bd87828d446048619dc49fe061741b4
-
SHA512
6fc3a98f16f4fbd2e6bd4211c35b403ed565d6b30f803e6da04e14efe018aca09719256f1e8a2c8a5763a7bac08de3be964eb6251d858df0f6261f82b3f2f7a2
Score10/10-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-