Resubmissions
02-02-2022 05:52  220202-gkv33aggfr  10
02-02-2022 05:47  220202-gg54vsggej  10
02-02-2022 05:04  220202-fqg8qagcfl  10
02-02-2022 05:01  220202-fnve9sgcck  10
02-02-2022 04:58  220202-fl8j4sgeh6  10
02-02-2022 04:52  220202-fhc9ssged6  10
02-02-2022 04:44  220202-fc77zsgahr  10
02-02-2022 04:39  220202-e95mpagacp  10
General
Target
156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.sample
Size
54KB
Sample
220202-fnve9sgcck
MD5
f587adbd83ff3f4d2985453cd45c7ab1
SHA1
2715340f82426f840cf7e460f53a36fc3aad52aa
SHA256
156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673
SHA512
37acf3c7a0b52421b4b33b14e5707497cfc52e57322ad9ffac87d0551220afc202d4c0987460d295077b9ee681fac2021bbfdebdc52c829b5f998ce7ac2d1efe
Static task
static1
Behavioral task
behavioral1
Sample
156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.dll
Resource
win10-en-20211208
Malware Config
Extracted
C:\\README.a97d73e3.TXT
darkside
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/ZWQHXVE7MW9JXE5N1EGIP6IMEFAGC7LNN6WJCBVKJFKB5QXP6LUZV654ASG7977V
Targets
Target
156335b95ba216456f1ac0894b7b9d6ad95404ac7df447940f21646ca0090673.sample
Score
10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops file in System32 directory