General
Target: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc
Size: 59KB
Sample: 210831-ldycz9hdzj
MD5: 04fde4340cc79cd9e61340d4c1e8ddfb
SHA1: 88fc623483f7ffe57f986ed10789e6723083fcd8
SHA256: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc
SHA512: 105ddfb8bbfedc8460fb1e6d26c6cd02ea81bfdc12a196c1c2f8e52bc73faf03a688339b4c231ab5b5b3885f2ad248115c32c95fc64e84462a16c3e237e6fc9c
Static task: static1
Behavioral task: behavioral1
Sample: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc.exe
Resource: win10v20210408
Malware Config
Extracted
C:\\README.f2cbf9aa.TXT
darkside
http://darksidfqzcuhtk2.onion/GM0CG8TNZ83ZPUD15TL76BLDCG0ST24TR6NXG1J2AVXSKF8KS4KFIIN2ON5GRWD4
Targets
Target: 8cfd28911878af048fb96b6cc0b9da770542576d5c2b20b193c3cfc4bde4d3bc
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Sets desktop wallpaper using registry