General
-
Target
filedump_svchost.exe
-
Size
512KB
-
Sample
220409-msbbhshbb4
-
MD5
650d18a78f30302a1e10f664a0d2cb0a
-
SHA1
c318776aefbd0156de1e6f7bba216d87e27c6341
-
SHA256
2c7d10f64dc39ea9bd6f18d9d1e1204f0c62324e8da148354d557bba17e3c615
-
SHA512
cb209a8c381e99c8adf49a2ea1caa0732da0ad5891b7b244dcf8540d677a03b7e912b4e121c25440a5bbf855a112b8c0061f0974922154c6bdf11eb176bd3c57
Static task
static1
Behavioral task
behavioral1
Sample
filedump_svchost.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
filedump_svchost.exe
Resource
win10v2004-20220331-en
Malware Config
Extracted
C:\\README.0ebf859b.TXT
darkside
http://darksidfqzcuhtk2.onion/GM0CG8TNZ83ZPUD15TL76BLDCG0ST24TR6NXG1J2AVXSKF8KS4KFIIN2ON5GRWD4
Targets
-
-
Target
filedump_svchost.exe
-
Size
512KB
-
MD5
650d18a78f30302a1e10f664a0d2cb0a
-
SHA1
c318776aefbd0156de1e6f7bba216d87e27c6341
-
SHA256
2c7d10f64dc39ea9bd6f18d9d1e1204f0c62324e8da148354d557bba17e3c615
-
SHA512
cb209a8c381e99c8adf49a2ea1caa0732da0ad5891b7b244dcf8540d677a03b7e912b4e121c25440a5bbf855a112b8c0061f0974922154c6bdf11eb176bd3c57
Score10/10-
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-