General
-
Target
5860f2415aa9a30c045099e3071f099313f653ae1806d6bcdb5f47d5da96c6d7.zip
-
Size
125KB
-
Sample
211117-tlxphadce8
-
MD5
4dd8d0e0c2e60b4495a8274cd9eecc0f
-
SHA1
a801058366e91dd2dd5d7637b4911e3e1fc93903
-
SHA256
0c15eaa5c8a3d2bf981ad2e5be531fe760932cb4291038051b5a308c6a66e084
-
SHA512
516fc8d7b8cf536a75b54367ac631d09b21d85bd74f097dde6360dcc2a00596e9b6b8ad2df1e732ef212e91e2a6467b1703777cfefe679dd887c3a273b301676
Static task
static1
Behavioral task
behavioral1
Sample
5860f2415aa9a30c045099e3071f099313f653ae1806d6bcdb5f47d5da96c6d7.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
5860f2415aa9a30c045099e3071f099313f653ae1806d6bcdb5f47d5da96c6d7.exe
Resource
win10-en-20211104
Malware Config
Extracted
C:\\README.e0659d9c.TXT
darkside
http://darksidfqzcuhtk2.onion/GM0CG8TNZ83ZPUD15TL76BLDCG0ST24TR6NXG1J2AVXSKF8KS4KFIIN2ON5GRWD4
Targets
-
-
Target
5860f2415aa9a30c045099e3071f099313f653ae1806d6bcdb5f47d5da96c6d7
-
Size
256KB
-
MD5
e5ca2d127e7300f28fbeb1e74d6a6858
-
SHA1
d3495ac3b708caeceffab59949dbf8a9fa24ccef
-
SHA256
5860f2415aa9a30c045099e3071f099313f653ae1806d6bcdb5f47d5da96c6d7
-
SHA512
6a0ea0f30648fec076abbeec97ff3d4b55fb34d376611468e52d6b11b9aa022dfb95448c0ba21794911f8c5f6d9c14ea7d0c87ee673f8b438255942712f73838
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-