General
Target: 47d19d8876bd39f1038746379dce3926.exe
Size: 33KB
Sample: 221129-dmwktsdf4v
MD5: 47d19d8876bd39f1038746379dce3926
SHA1: 2401210fe6a163da4a873d2650df73a73d190236
SHA256: a82aec54cad176b368967fa8e41e41a8129ffafe6ab627312e111e63605b8478
SHA512: 8180be15f2d3e4203fad7e9bfdc0488feef2e205cf407c383d9f3bf4c846a17133b22048cd442d870a1993a1e10706467eb6334331dd46d006e8ffecb60358ef
SSDEEP: 768:WL5FXM/yQkMoKBFYQpP7zvoqskGvfIoTMSkaRrWzn3gAMi0WC4I:Ec6Q6mRAqskGvfkaRrWzXrL
Behavioral task: behavioral1
Sample: 47d19d8876bd39f1038746379dce3926.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 47d19d8876bd39f1038746379dce3926.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
C:\\README.fcfbc378.TXT
darkside
http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q
http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM
Targets
-
-
Target
47d19d8876bd39f1038746379dce3926.exe
Score: 10/10

DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops file in System32 directory

Sets desktop wallpaper using registry