General
-
Target
2023-05-29_f9e0a7bba7c83ccb3006ecd0e9111ab4_darkside
-
Size
146KB
-
Sample
230530-msna3shb56
-
MD5
f9e0a7bba7c83ccb3006ecd0e9111ab4
-
SHA1
59b9f82ccad40bae1c9a98d6eb42a4adb0d45817
-
SHA256
4d0f95028bb6a04e64550872ddeef6b0c6fa4a5bd368736da47401420df2bee7
-
SHA512
1df47dfe924b4cc264d40f6b723e7f8d18f5290b107329985b66eaacaa0bda861e3e06f0189338455293b57dd9d2ab5b63336631bd19917bdd2f9e5706b40057
-
SSDEEP
3072:P6glyuxE4GsUPnliByocWeph5t+ASsSkmbz:P6gDBGpvEByocWejCASscz
Behavioral task
behavioral1
Sample
2023-05-29_f9e0a7bba7c83ccb3006ecd0e9111ab4_darkside.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-05-29_f9e0a7bba7c83ccb3006ecd0e9111ab4_darkside.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
2023-05-29_f9e0a7bba7c83ccb3006ecd0e9111ab4_darkside
-
Size
146KB
-
MD5
f9e0a7bba7c83ccb3006ecd0e9111ab4
-
SHA1
59b9f82ccad40bae1c9a98d6eb42a4adb0d45817
-
SHA256
4d0f95028bb6a04e64550872ddeef6b0c6fa4a5bd368736da47401420df2bee7
-
SHA512
1df47dfe924b4cc264d40f6b723e7f8d18f5290b107329985b66eaacaa0bda861e3e06f0189338455293b57dd9d2ab5b63336631bd19917bdd2f9e5706b40057
-
SSDEEP
3072:P6glyuxE4GsUPnliByocWeph5t+ASsSkmbz:P6gDBGpvEByocWejCASscz
Score9/10-
Renames multiple (346) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (620) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-