General
-
Target
2023-05-26_7ee9a995fa84386e7a8c975719c08892_darkside
-
Size
146KB
-
Sample
230527-ddyntsad78
-
MD5
7ee9a995fa84386e7a8c975719c08892
-
SHA1
de8ed35009edf0958928c531a9b49e0e1ab25083
-
SHA256
149d691411f10f8ec7af43f0237ccfab5b65a9ae73718acf1e0cc0dbdea36ebd
-
SHA512
8cd1a4f589a1e1cc132f06c458af435ec87ab37b04a005c980c59759632b04f329de2c7c80791802dd75fe62e2adf5cea87e555ac1e586da5ee96b6dd392ea76
-
SSDEEP
3072:I6glyuxE4GsUPnliByocWepfV+oOpy70FcT//3XUJ:I6gDBGpvEByocWepV+qCcDU
Behavioral task
behavioral1
Sample
2023-05-26_7ee9a995fa84386e7a8c975719c08892_darkside.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-26_7ee9a995fa84386e7a8c975719c08892_darkside.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
Target
2023-05-26_7ee9a995fa84386e7a8c975719c08892_darkside
Score 9/10
-
Renames multiple (336) files with added filename extension
Bulk renaming that appends a new extension to existing files is characteristic of ransomware encrypting the files on the system.
-
Renames multiple (604) files with added filename extension
Bulk renaming that appends a new extension to existing files is characteristic of ransomware encrypting the files on the system.
-
Modifies extensions of user files
Ransomware typically appends or changes the extension of each file it encrypts; the new extension is also a convenient way to enumerate affected files during response.
-
Checks computer location settings
Reads the country code configured in the registry. This is most likely a geofence: ransomware commonly inspects the system locale and exits without encrypting on machines in certain countries.
-
Deletes itself
Removes its own executable after running, leaving fewer artifacts for forensic collection.
-
Executes dropped EXE
Writes an executable to disk and runs it.
-
Loads dropped DLL
Loads a DLL that the sample itself wrote to disk.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
Writes a file under the Windows System32 directory.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Anti-debugging: calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger.
-
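The signatures listed above are the sandbox's verdicts, not its logic. As an added illustration (not part of this report and not the sandbox's own code), the following toy matcher re-implements three of them over a constructed event trace: the mass rename with an added extension, the registry lookup of the configured country code, and NtSetInformationThread called with ThreadHideFromDebugger. The event schema, the rename threshold (lowered to 3 for the demo), the registry key fragments and the process IDs are all assumptions; the signature names are reused from the report, and the value 0x11 for ThreadHideFromDebugger is the documented THREADINFOCLASS constant.

```python
"""Toy behavioural-signature matcher over a constructed sandbox event trace.

Added example; not code from the report or from any sandbox product.
"""
from collections import Counter, defaultdict
import ntpath  # handles Windows paths correctly even when run on Linux

# ThreadHideFromDebugger is THREADINFOCLASS value 0x11.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Real sandboxes use far higher thresholds; lowered so the demo trace triggers.
RENAME_THRESHOLD = 3

# Registry key fragments commonly read to learn the configured country/locale.
# Assumption: the report does not state which key this sample actually queried.
GEO_KEY_FRAGMENTS = (
    r"control panel\international\geo",
    r"control\nls\locale",
)


def added_extension(old, new):
    """Return the extension appended to `old` to produce `new`, or None.

    'report.docx' -> 'report.docx.9f1a2b3c' yields '9f1a2b3c'; a rename that
    changes the base name or moves the file yields None.
    """
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return None
    prefix = old_name.lower() + "."
    if not new_name.lower().startswith(prefix):
        return None
    ext = new_name[len(prefix):]
    return ext or None


def match_signatures(events):
    """Run the three toy signatures over `events`; return (name, pid, detail) hits."""
    renames = defaultdict(Counter)  # pid -> Counter(appended extension)
    hits = []
    for ev in events:
        kind = ev["kind"]
        if kind == "file_rename":
            ext = added_extension(ev["old"], ev["new"])
            if ext:
                renames[ev["pid"]][ext] += 1
        elif kind == "reg_query":
            key = ev["key"].lower()
            if any(frag in key for frag in GEO_KEY_FRAGMENTS):
                hits.append(("Checks computer location settings", ev["pid"], ev["key"]))
        elif kind == "api_call":
            if (ev["api"] == "NtSetInformationThread"
                    and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger",
                             ev["pid"], ev["api"]))
    # Mass-rename verdict is per process, emitted once the whole trace is seen.
    for pid, counter in renames.items():
        total = sum(counter.values())
        if total >= RENAME_THRESHOLD:
            ext, _ = counter.most_common(1)[0]
            hits.append((f"Renames multiple ({total}) files with added filename extension",
                         pid, ext))
    return hits


# Constructed trace (hypothetical PIDs, paths and extension), not sandbox output.
SAMPLE_EVENTS = [
    {"kind": "api_call", "pid": 1234, "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"kind": "reg_query", "pid": 1234,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "file_rename", "pid": 1234, "old": r"C:\Users\u\Documents\report.docx",
     "new": r"C:\Users\u\Documents\report.docx.9f1a2b3c"},
    {"kind": "file_rename", "pid": 1234, "old": r"C:\Users\u\Documents\budget.xlsx",
     "new": r"C:\Users\u\Documents\budget.xlsx.9f1a2b3c"},
    {"kind": "file_rename", "pid": 1234, "old": r"C:\Users\u\Pictures\cat.jpg",
     "new": r"C:\Users\u\Pictures\cat.jpg.9f1a2b3c"},
    # Benign activity from another process: plain rename, non-hiding thread call.
    {"kind": "file_rename", "pid": 777, "old": r"C:\temp\draft.txt",
     "new": r"C:\temp\final.txt"},
    {"kind": "api_call", "pid": 777, "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x0}},
]

if __name__ == "__main__":
    for name, pid, detail in match_signatures(SAMPLE_EVENTS):
        print(f"[pid {pid}] {name}  ({detail})")
```

The rename signature is deliberately keyed on "same directory, same base name, one new suffix" rather than on any particular extension, since the appended string differs per sample; the dominant extension it reports is what an incident responder would then use to enumerate encrypted files on a live host.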