General
-
Target
58a513f83af2b326c313b41de94e8e172d538f5d4d8be71965b664ad4b260f94
-
Size
59KB
-
Sample
220204-h4bn7sfcek
-
MD5
aa07a3956b6b56f133c4cea5be4416ae
-
SHA1
9ffacbbb4ad0e6baecc582535a9d456b1654279f
-
SHA256
58a513f83af2b326c313b41de94e8e172d538f5d4d8be71965b664ad4b260f94
-
SHA512
f7c3dbc27d8506207e6b2af14ca044efbf48d0d5c61c72e70bf1757cbf50ef482073dcae8faf760f91cdd10a642b0bc37fb0f17ca5cdd7f15638f0ec0f32a4f5
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\\README.5bede5a3.TXT
darkside
http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW
Targets
-
-
Target
sample
-
Size
59KB
-
MD5
0ed51a595631e9b4d60896ab5573332f
-
SHA1
7ae73b5e1622049380c9b615ce3b7f636665584b
-
SHA256
243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60
-
SHA512
9bfd6318b120c05d9a42a456511efc59f2be5ad451baa6d19d5de776e2ff74dbee444c85478ee7cfdbf705517cc147cd64c6814965f76c740fe1924594a37cb5
Score10/10-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets service image path in registry
-
Sets desktop wallpaper using registry
-