General
-
Target
2023-05-25_d8018c533bddc9a7c70e9a1b7cceaffc_darkside
-
Size
147KB
-
Sample
230527-c3mr7aaf2s
-
MD5
d8018c533bddc9a7c70e9a1b7cceaffc
-
SHA1
b48062131daa8a084919771c3b1fb2cab54dfa2e
-
SHA256
cb83eb6f5fd42f59b1c1a34826df48e5a5882c45e4a7f34c80c0830c26cb30dd
-
SHA512
23e723b9e19ebc5da100528cdec8ed971713d19144053fa236db373a0dac36a643d78cfc674620693374f585264b6d71821c6a1cdb16fb970fbe6a5fba16e852
-
SSDEEP
1536:MzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDRokw1QoYH7xeall66DhAEqoUyz:jqJogYkcSNm9V7DTkUl6kA9oT
Behavioral task
behavioral1
Sample
2023-05-25_d8018c533bddc9a7c70e9a1b7cceaffc_darkside.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-25_d8018c533bddc9a7c70e9a1b7cceaffc_darkside.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
C:\q9ziivUR8.README.txt
Targets
-
-
Target
2023-05-25_d8018c533bddc9a7c70e9a1b7cceaffc_darkside
-
Size
147KB
-
MD5
d8018c533bddc9a7c70e9a1b7cceaffc
-
SHA1
b48062131daa8a084919771c3b1fb2cab54dfa2e
-
SHA256
cb83eb6f5fd42f59b1c1a34826df48e5a5882c45e4a7f34c80c0830c26cb30dd
-
SHA512
23e723b9e19ebc5da100528cdec8ed971713d19144053fa236db373a0dac36a643d78cfc674620693374f585264b6d71821c6a1cdb16fb970fbe6a5fba16e852
-
SSDEEP
1536:MzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDRokw1QoYH7xeall66DhAEqoUyz:jqJogYkcSNm9V7DTkUl6kA9oT
Score10/10-
Renames multiple (324) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (606) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-