General

Target: DarkSide.7z
Size: 4.5MB
Sample: 220620-rtsz6sgba4
MD5: 0147464a9d740a7930042fd3643d5011
SHA1: 613e7f107e8cb5aed97c3bdc2dc280b297fd49bf
SHA256: ad6e601436d1572713834a6b2ca72929b8b6113cba528f71c9a8d0f6642d7895
SHA512: bc6e34e496c413193f83d277dddf95e8da317ccbcd904b575d3c5b08126d15fcece156427c154992c73d753d74908d2108837c19871bf2073908c6c14f2d071f
Static task: static1

Behavioral task: behavioral1
Sample: DarkSide.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: DarkSide.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted from: C:\README.06f7cdb8.TXT
Family: darkside
URLs:
http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM
Targets

Target: DarkSide.exe
Size: 4.7MB
MD5: b34010208e075dac2192ba0f3e61592d
SHA1: 4416ee79f590d1022228dc93e12ba95f1a3c3f55
SHA256: 53c3d0ca523873e7b918f25e612c43bf66e9acb7af9ba748575288f765782863
SHA512: a76d1dd5981b5ba6248f09a109143491b73219066775dd87bb3ffa22550c6bbfe51371191eb7a94623b2a922a1041765cd87975f1ec71ae56e6832e4698a6ceb
Score: 10/10

DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
suricata: ET MALWARE Observed DarkSide Ransomware Domain (baroquetees .com in TLS SNI)
suricata: ET MALWARE Observed DarkSide Ransomware Domain (rumahsia .com in TLS SNI)

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops file in System32 directory

Sets desktop wallpaper using registry
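The two Suricata alerts above fire on the TLS SNI of the domains baroquetees.com and rumahsia.com, and the extracted config came from the dropped note C:\README.06f7cdb8.TXT. The following is an added example, not part of the sandbox report or of any vendor tooling, showing how a responder would re-apply those two indicators to their own telemetry: it scans Suricata EVE JSON lines for TLS events whose SNI is one of the listed domains (or a subdomain), and filters a list of dropped-file paths for DarkSide-style ransom notes. The EVE lines and the file list are constructed for the example; treating the eight-hex-digit token in the note's name as a per-victim ID that varies between samples is an assumption of this example, not something the report states.

```python
import json
import ntpath
import re
from typing import Iterable

# Domains from the two Suricata alerts in the report above ("baroquetees .com",
# "rumahsia .com"); the report defangs them with a space before the TLD.
DARKSIDE_SNI_DOMAINS = frozenset({"baroquetees.com", "rumahsia.com"})

# The report extracted the ransom note from C:\README.06f7cdb8.TXT. Treating the
# eight-hex-digit token as a per-victim ID is an assumption of this example, so
# the pattern matches any README.<8 hex>.TXT regardless of directory.
RANSOM_NOTE_RE = re.compile(r"^README\.[0-9a-f]{8}\.TXT$", re.IGNORECASE)


def sni_matches(sni: str, domains=DARKSIDE_SNI_DOMAINS) -> bool:
    """True if the SNI equals a listed domain or is a subdomain of one.

    Matching on whole labels avoids the false positive where a naive
    endswith("baroquetees.com") would also hit "notbaroquetees.com".
    """
    host = sni.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_eve_tls(lines: Iterable[str]) -> list[dict]:
    """Return one hit per Suricata EVE 'tls' event whose SNI is a DarkSide domain.

    Only event_type == "tls" is examined, mirroring the ET rule's "in TLS SNI"
    scope; DNS queries for the same names are left to a separate rule.
    """
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a truncated line must not abort the whole scan
        if ev.get("event_type") != "tls":
            continue
        sni = ev.get("tls", {}).get("sni", "")
        if sni and sni_matches(sni):
            hits.append({"src_ip": ev.get("src_ip"), "dest_ip": ev.get("dest_ip"), "sni": sni})
    return hits


def ransom_notes(paths: Iterable[str]) -> list[str]:
    """Filter dropped-file paths down to DarkSide-style ransom notes by basename."""
    return [p for p in paths if RANSOM_NOTE_RE.match(ntpath.basename(p))]


# Constructed EVE JSON, not a real capture: a hit on each domain (one via a
# subdomain), a near-miss that must NOT match, a benign host, and a DNS event
# that is out of scope for an SNI rule.
EVE_SAMPLE = """
{"timestamp":"2022-06-20T10:15:01.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","tls":{"sni":"baroquetees.com","version":"TLS 1.2"}}
{"timestamp":"2022-06-20T10:15:02.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.11","tls":{"sni":"www.rumahsia.com","version":"TLS 1.2"}}
{"timestamp":"2022-06-20T10:15:03.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.12","tls":{"sni":"notbaroquetees.com","version":"TLS 1.2"}}
{"timestamp":"2022-06-20T10:15:04.000000+0000","event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.13","tls":{"sni":"update.microsoft.com","version":"TLS 1.2"}}
{"timestamp":"2022-06-20T10:15:05.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dns":{"type":"query","rrname":"rumahsia.com"}}
"""

# Constructed dropped-file list, modelled on the path the report extracted.
DROPPED_FILES = [
    r"C:\README.06f7cdb8.TXT",
    r"C:\Users\Public\Desktop\README.06f7cdb8.TXT",
    r"C:\Users\Public\README.txt",
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for hit in scan_eve_tls(EVE_SAMPLE.splitlines()):
        print("DarkSide SNI:", hit)
    for note in ransom_notes(DROPPED_FILES):
        print("ransom note:", note)
```

Run against a real `eve.json`, the SNI check reproduces the two ET alerts on any flow that negotiates TLS to those names; the ransom-note filter is only as good as the assumed name pattern and should be confirmed against the notes actually seen in the incident.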