General
Target: 2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
Size: 55KB
Sample: 220315-1tr8bagca5
MD5: edb5670581d49771d180940c4d1179b1
SHA1: e691a8ecda87157a9cf96fbe4df8f819922e34db
SHA256: 2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0
SHA512: a7fb450f08e68b46288da5f4d2e4d96628161e5aadf01286e3f4f9c045880b0092480431b0a7b1cc22c954a46020b9bd00f5bb3de2dc873c1e202f39d9c6d708
Static task: static1
Behavioral task: behavioral1
Sample: 2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
Resource: win7-20220311-en
Behavioral task: behavioral2
Sample: 2d82be244e23001148ed5a6d83856b6f7cd20c3f7786481303d5d584c51ff5f0.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
C:\\README.f6cf1b4f.TXT
darkside
http://dark24vx6fsmdrtbzdzjv6ckz4yqyued4uz455oqpctko7m6vbrzibad.onion/1YIRHSV68TT7RTL4GR0DT8F0H5J0OVFW64FAB4ROL3ML25HUD7SMAB3MM5L4P7VW
Targets
Score: 10/10

DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops file in System32 directory

Sets desktop wallpaper using registry