General
Target: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
Size: 59KB
Sample: 221128-qc85dsag31
MD5: f75ba194742c978239da2892061ba1b4
SHA1: c43ee0cef6acee7d503f056764abc64d8f7ae9b9
SHA256: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178
SHA512: 56c2cc3d3fea0aeb370e44f473e3c48c939b64d6ce98de5b26d4d67cb5b94c3391e5e9c87546dd551f90d0f5e26e520e00958346eaa9d7e2f89cb6a174a86d96
SSDEEP: 768:Qbj6iIq6oSqww3/T8K5UWCTxdCCDSbVrdNcxGV1yljOix3c:s6VqwwvAKa/TxoCODTV1yljOO
Static task: static1
Behavioral task: behavioral1
Sample: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Path: C:\README.d2b79c1e.TXT
Family: darkside
URL: http://darksidfqzcuhtk2.onion/B69Q1UI7FTR7GBNM08Y61RV3YKYIE62POYGBVE93EYFTPQZLWTXR4X7ZHS3U24ZJ
Targets
Target: afb22b1ff281c085b60052831ead0a0ed300fac0160f87851dacc67d4e158178.exe
Score: 10/10
- DarkSide: Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger