General
Target: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46
Size: 56KB
Sample: 220124-asq1raggc9
MD5: 248cecd1ffa1f5de46d8643a1e96e9a8
SHA1: 8da9d2c2a06720daec54a2490e1f6942177d1de4
SHA256: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46
SHA512: 7d55504c652fffdf2ebeb392c855882035fae71a8ab936ba859bcd69163567c35d60fabfca271890213c1779284bc41bdbf771e10cbf5661008a7c45e3973703
Static task: static1
Behavioral task: behavioral1
  Sample: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46.exe
  Resource: win10-en-20211208
Malware Config
Extracted from: C:\\README.a97d73e3.TXT
Family: darkside
URLs:
- http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q
- http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM
Targets
Target: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46
Size: 56KB
MD5: 248cecd1ffa1f5de46d8643a1e96e9a8
SHA1: 8da9d2c2a06720daec54a2490e1f6942177d1de4
SHA256: d97c0b6ee613e03aa3256fcdd3757e54ba4c7bb5910887247dc857f2701f9a46
SHA512: 7d55504c652fffdf2ebeb392c855882035fae71a8ab936ba859bcd69163567c35d60fabfca271890213c1779284bc41bdbf771e10cbf5661008a7c45e3973703
Score: 10/10
Signatures:
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops file in System32 directory
- Sets desktop wallpaper using registry