General
- Target: f764c49daffdacafa94aaece1d5094e0fac794639758e673440329b02c0fda39
- Size: 59KB
- Sample: 220131-gphcrsgeb8
- MD5: 66ddb290df3d510a6001365c3a694de2
- SHA1: 77b9103d4af311ba76511144d47aed440ae6ce9f
- SHA256: f764c49daffdacafa94aaece1d5094e0fac794639758e673440329b02c0fda39
- SHA512: bd1ecb3ce3e49c495f354a27fd17089b2bc77e3a96b15f28be4c877d2e49dfa1c193a3370a84ec4060f1c2517b2338e2b11cae680e67e9fb5e59367efb67a7ee
Static task: static1
Behavioral task: behavioral1
- Sample: f764c49daffdacafa94aaece1d5094e0fac794639758e673440329b02c0fda39.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: f764c49daffdacafa94aaece1d5094e0fac794639758e673440329b02c0fda39.exe
- Resource: win10-en-20211208
Malware Config
- Extracted from: C:\\README.5bede5a3.TXT
- Family: darkside
- URL: http://darksidfqzcuhtk2.onion/45FYQLKAX0QTR144EDUI3VOVH2B3SQ0TZM0G7MXX3YUGDSA3AZA9XNNTCMD1H4CN
Targets
- Target: f764c49daffdacafa94aaece1d5094e0fac794639758e673440329b02c0fda39
- Size: 59KB
- Score: 10/10
- DarkSide: Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger