General

  • Target

    a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe

  • Size

    831KB

  • Sample

    211125-r7pjxafebq

  • MD5

    f2cb24bfbd11a22c235f2f492b95c28d

  • SHA1

    e7acd40a42130efc72b3ec0920381f86d9dfd8e2

  • SHA256

    a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850

  • SHA512

    2d2c72d55046008f509a27716ddb7093858a73ec89686a29bbe497fe2c190311cdb54ec15a449d7483b30aa37a82e99c4f19f3e700973518c051b60a12ca64b4

Score
10/10

Malware Config

Extracted

Path

C:\Recovery\590dd5e2-2d4f-11ec-8202-e2f59334bf81\README.txt

Family

darkside

Ransom Note

WINNER WINNER CHICKEN DINNER

What happend?
##############################################
All your servers and computers are encrypted, backups are deleted.
We use strong encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us - universal decryptor.
This program will restore all your network.
Follow our instructions below and you will recover all your data.

What guarantees?
##############################################
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one image file for free. The file size should be no more than 2 MB.

Contact us by email: 22eb687475f2c5ca30b@protonmail.com

!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!!

Emails

22eb687475f2c5ca30b@protonmail.com

Targets

    • Target

      a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe

    • DarkSide

      Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.
