General

  • Target

    5da2a2ebe9959e6ac21683a8950055309eb34544962c02ed564e0deaf83c9477.zip

  • Size

    1.8MB

  • Sample

    211101-sndhzaabe8

  • MD5

    fb52cffd521e885a8f1ad7d35527e831

  • SHA1

    ddca96db77428edd507486ef1786596f5219819e

  • SHA256

    5e210a42996ad14924d70184043cb304be7f555a20d8937ae4502e01d4cf33aa

  • SHA512

    707c2d7dc2ea1a3cd253358206de9a8455c0a2927f08e01d258d5ae0594d74b19470eed584c4e695a8af289e57d97fa43013154bf72cf9070f13e2d0ab5c7b83

Score
10/10

Malware Config

Extracted

Path

C:\Recovery\6e3e77a2-1a56-11ec-8d0f-c222d480bba6\README.txt

Family

darkside

Ransom Note

WINNER WINNER CHICKEN DINNER
What happend?
##############################################
All your servers and computers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data.
What guarantees?
##############################################
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one image file for free. The file size should be no more than 2 MB.
Contact us by email: 22eb687475f2c5ca30b@protonmail.com
!!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!
Emails

22eb687475f2c5ca30b@protonmail.com
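The hash block in General/Targets and the extracted config above are the parts of this report an analyst actually reuses: the hashes to confirm that a file on disk is the same sample, and the note to pull out indicators. The script below is an added example (not the sandbox vendor's code) that does both with values copied from this report: it hashes a file with the four algorithms listed, reports every mismatch, checks the sandbox convention that a sample is named by its own SHA256 (note that the .zip here is named after the inner .exe's SHA256, not its own), extracts the contact e-mail and the "free decrypt" size limit from the note, and turns a few fixed strings from the note into a YARA rule. Function names, the regexes and the rule name are this example's own assumptions.

```python
"""Triage helpers built from the sandbox report's own values (added example).
Hashes and the ransom note are copied from the report; everything else is
an assumption of this example."""
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Values from the report's "Targets" entry for the 3.1MB .exe.
REPORTED_EXE_HASHES = {
    "md5": "298b9c281bab03460621171d76476850",
    "sha1": "7c4027418a000c68372b251a2fc152b10acf502f",
    "sha256": "5da2a2ebe9959e6ac21683a8950055309eb34544962c02ed564e0deaf83c9477",
    "sha512": "55a3223021fb5e66ac5227d24930e70a454dea04393e534aa2d057a53013cf18"
              "370572656b06170d5fe0998c6c89656a751fc4f31a8e9c95b4ec3e7dbac9cd80",
}

# Ransom note text as extracted in the report (verbatim, typo included).
RANSOM_NOTE = """WINNER WINNER CHICKEN DINNER
What happend?
##############################################
All your servers and computers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data.
What guarantees?
##############################################
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one image file for free. The file size should be no more than 2 MB.
Contact us by email: 22eb687475f2c5ca30b@protonmail.com
!!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!
"""


def hash_bytes(data: bytes) -> dict:
    """All four digests of an in-memory blob, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams a file so large samples do not sit in RAM."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def verify_hashes(actual: dict, expected: dict) -> dict:
    """Return {algo: (actual, expected)} for every mismatch; an empty dict means the
    file is the reported sample under every algorithm the report lists."""
    return {a: (actual[a], expected[a].lower())
            for a in expected if actual[a] != expected[a].lower()}


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """Sandboxes name samples by SHA256; a mismatch means the file was renamed
    or, as with the .zip in this report, is named after a different object."""
    stem = filename.rsplit(".", 1)[0].lower()
    return stem == sha256.lower()


# Assumed patterns: a generic e-mail matcher and the note's size-limit phrase.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SIZE_RE = re.compile(r"no more than (\d+) MB", re.I)


def extract_iocs(note: str) -> dict:
    """Pull the contact addresses and the free-decrypt size limit out of a note."""
    m = SIZE_RE.search(note)
    return {
        "emails": sorted(set(EMAIL_RE.findall(note))),
        "free_decrypt_limit_mb": int(m.group(1)) if m else None,
    }


def yara_rule(note: str, name: str = "darkside_readme_note") -> str:
    """Emit a YARA rule from fixed note strings plus the extracted e-mail(s).
    'any 2' keeps a single generic phrase from matching unrelated notes."""
    strings = [
        "WINNER WINNER CHICKEN DINNER",
        "universal decryptor",
        "DO NOT MODIFY or try to RECOVER any files yourself",
    ] + extract_iocs(note)["emails"]
    body = "\n".join(f'        $s{i} = "{s}" ascii wide' for i, s in enumerate(strings))
    return (f"rule {name}\n{{\n    strings:\n{body}\n"
            f"    condition:\n        2 of ($s*)\n}}\n")


if __name__ == "__main__":
    import sys
    # Usage: python triage.py <path to the 3.1MB .exe>
    mismatches = verify_hashes(hash_file(sys.argv[1]), REPORTED_EXE_HASHES)
    print("hash check:", "OK" if not mismatches else mismatches)
    print(extract_iocs(RANSOM_NOTE))
    print(yara_rule(RANSOM_NOTE))
```

The YARA strings are deliberately the parts of the note that do not change per victim; the e-mail is added as a separate string so the rule still fires on a sibling sample that swapped the mailbox but kept the template.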

Targets

    • Target

      5da2a2ebe9959e6ac21683a8950055309eb34544962c02ed564e0deaf83c9477.exe

    • Size

      3.1MB

    • MD5

      298b9c281bab03460621171d76476850

    • SHA1

      7c4027418a000c68372b251a2fc152b10acf502f

    • SHA256

      5da2a2ebe9959e6ac21683a8950055309eb34544962c02ed564e0deaf83c9477

    • SHA512

      55a3223021fb5e66ac5227d24930e70a454dea04393e534aa2d057a53013cf18370572656b06170d5fe0998c6c89656a751fc4f31a8e9c95b4ec3e7dbac9cd80

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Target

      98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63.exe

    • Size

      700KB

    • MD5

      46a1325bb01e37e0ee2d2ba37db257f2

    • SHA1

      fde5f666007cdb1fd1dddd2fefbed916992e9e65

    • SHA256

      98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63

    • SHA512

      2244ad1c7cc1814d0ca2a646ad1d158fef6a269bfcaa327d46400c6ab7edb595b1c47393cfcbb9b15c6f748f50515a4da397733972198453822b03757861ff72

    Score
    10/10
    • DarkSide

      Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.
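The "Modifies extensions of user files" signature is one of the most reliable behavioural tells for ransomware, and it translates directly into host telemetry: one process renaming many distinct files to the same new extension in a short burst. The detector below is an added example (not the sandbox's signature logic) run over constructed Sysmon-style rename events; the event layout, the 30-second window, the file threshold and the fake `.a1b2c3d4` suffix are all this example's assumptions. It ignores renames that keep the extension (save-as, versioning) so a user renaming documents in Explorer does not trip it.

```python
"""Mass extension-change detector for file rename telemetry (added example).
Event format, thresholds and the sample events are assumptions of this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

WINDOW = timedelta(seconds=30)   # burst window (assumption)
MIN_FILES = 5                    # distinct files given the same new extension (assumption)

# Constructed telemetry: (timestamp, pid, image, old_path, new_path).
# pid 4120 behaves like an encryptor; the other two are benign renames.
EVENTS = [
    ("2021-11-01T10:00:01", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Documents\q3.xlsx", r"C:\Users\bob\Documents\q3.xlsx.a1b2c3d4"),
    ("2021-11-01T10:00:02", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Documents\budget.docx", r"C:\Users\bob\Documents\budget.docx.a1b2c3d4"),
    ("2021-11-01T10:00:02", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Pictures\img001.jpg", r"C:\Users\bob\Pictures\img001.jpg.a1b2c3d4"),
    ("2021-11-01T10:00:03", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Pictures\img002.jpg", r"C:\Users\bob\Pictures\img002.jpg.a1b2c3d4"),
    ("2021-11-01T10:00:04", 1234, r"C:\Windows\explorer.exe",
     r"C:\Users\bob\Documents\report.docx", r"C:\Users\bob\Documents\report_v2.docx"),
    ("2021-11-01T10:00:05", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Desktop\notes.txt", r"C:\Users\bob\Desktop\notes.txt.a1b2c3d4"),
    ("2021-11-01T10:00:06", 2210, r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     r"C:\Users\bob\Documents\~tmp1.tmp", r"C:\Users\bob\Documents\letter.docx"),
    ("2021-11-01T10:00:09", 4120, r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     r"C:\Users\bob\Desktop\plan.pptx", r"C:\Users\bob\Desktop\plan.pptx.a1b2c3d4"),
]


def ext_of(path: str) -> str:
    """Lower-cased extension of a Windows path, '' if none."""
    return ntpath.splitext(path)[1].lower()


def detect_mass_extension_change(events, window=WINDOW, min_files=MIN_FILES):
    """Group extension-changing renames by (pid, image, new extension) and alert
    when one process gives min_files distinct files the same new extension
    inside `window`. Returns one alert per offending (process, extension)."""
    buckets = defaultdict(list)
    for ts, pid, image, old, new in events:
        if ext_of(old) == ext_of(new):
            continue  # same extension: save-as or versioning, not encryption
        buckets[(pid, image, ext_of(new))].append((datetime.fromisoformat(ts), old))

    alerts = []
    for (pid, image, new_ext), items in buckets.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            # distinct source files renamed within `window` of this event
            burst = {p for t, p in items[i:] if t - t0 <= window}
            if len(burst) >= min_files:
                alerts.append({"pid": pid, "image": image, "new_ext": new_ext,
                               "files": len(burst), "first_seen": t0.isoformat()})
                break  # one alert per process/extension is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_extension_change(EVENTS):
        print(alert)
```

Keying on the new extension rather than on the process name is what makes this hold up against a renamed or injected encryptor; the trade-off is that a backup or archiving tool that legitimately rewrites many files needs an allow-list entry for its image path.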
