General

  • Target

    2023-05-29_5c85eaa48fb27c6065abc120ba754448_darkside

  • Size

    145KB

  • Sample

    230530-msna3shb55

  • MD5

    5c85eaa48fb27c6065abc120ba754448

  • SHA1

    890785186c95a156dc6400a847dc6ac07888413b

  • SHA256

    cfc45c36b4c731f2308e19a087c3dc3fb7b12eef93e171e8e86e2134ead325ee

  • SHA512

    689418a69c15e1e969e83175ef5164380e6a79b962aa719397c94c52ea24aa340e674a16626c50cf9ce83febf6047b2ffeff3429f75d8a052867290eb6f0b2f8

  • SSDEEP

    3072:p6glyuxE4GsUPnliByocWepxJa3FS3LUMv:p6gDBGpvEByocWe3QMv

Targets

    • Renames multiple (4431) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Renames multiple (7820) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger
