General
Target
a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe
Size
831KB
Sample
211125-r7pjxafebq
MD5
f2cb24bfbd11a22c235f2f492b95c28d
SHA1
e7acd40a42130efc72b3ec0920381f86d9dfd8e2
SHA256
a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850
SHA512
2d2c72d55046008f509a27716ddb7093858a73ec89686a29bbe497fe2c190311cdb54ec15a449d7483b30aa37a82e99c4f19f3e700973518c051b60a12ca64b4
Static task
static1
Behavioral task
behavioral1
Sample
a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe
Resource
win10-en-20211104
Malware Config
Extracted
C:\Recovery\590dd5e2-2d4f-11ec-8202-e2f59334bf81\README.txt
darkside
22eb687475f2c5ca30b@protonmail.com
Targets
Target
a471fdf6b137a6035b2a2746703cd696089940698fd533860d34e71cc6586850.exe
Score
10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.