General
-
Target
c718e6eaa1a446e0a3d72b533b3552c4419e9e2c646e48a5cbfeb6a7ee88c3dc.zip
-
Size
133KB
-
Sample
220105-sncaxaaea6
-
MD5
c8899b3bb00db07b7b702e3bd0a58774
-
SHA1
d5d405bc1bc41b036411701315c8a653e8e4d13b
-
SHA256
684ce737c1df26159dc117c485e1c922db9f8fb3d8dc086da47a6ca18fa43dc1
-
SHA512
d672633987af383cb23ea844de13f4692d3c1ea58a351e43a7efc7932abaea232a5c6d987d8b43fb0cf31f37bce054cf81535ec48b2bf05e38b82be3ea0c7470
Static task
static1
Behavioral task
behavioral1
Sample
c718e6eaa1a446e0a3d72b533b3552c4419e9e2c646e48a5cbfeb6a7ee88c3dc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
c718e6eaa1a446e0a3d72b533b3552c4419e9e2c646e48a5cbfeb6a7ee88c3dc.exe
Resource
win10-en-20211208
Malware Config
Extracted
C:\\README.5bede5a3.TXT
darkside
Targets
-
Target
c718e6eaa1a446e0a3d72b533b3552c4419e9e2c646e48a5cbfeb6a7ee88c3dc
-
Size
260KB
-
MD5
ce7b2f7008ab93c659494f2931160147
-
SHA1
ed2aec7ebbcb87059b707aa98bd300c8d75f3acd
-
SHA256
c718e6eaa1a446e0a3d72b533b3552c4419e9e2c646e48a5cbfeb6a7ee88c3dc
-
SHA512
6b81bd235ad199b01ee0801a3e14544a4a720ee0609aaa0df99415dcecf10a114219a96f79f57915701b3f6576ac7259d472519964516a1d92ee4023babab0fb
Score
10/10
-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-