General

  • Target: jcwkt40g739rj.exe
  • Size: 10.1MB
  • Sample: 230804-wke46sef7z
  • MD5: b3ef88b26481643652a502b73604a6a6
  • SHA1: 4dc55ab8020ff9be948c37d20a67740113098d1c
  • SHA256: 60e3d2acdc871883cc0b5cd36e5682da783cc53473de9ff2d0f84a9b6e77985d
  • SHA512: d58e71f9bc61199a5dd233ff2f989ef19a7fb3e1d27557c08cba640d251c12e872b559baf90a1efacab08a0e5974c06cebddd8149afab6daefb8e85ffa6e19f1
  • SSDEEP: 196608:6SDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:JDnaOyRQETSBvJSOq62YHtFHN

Malware Config

Extracted

Path: C:\Users\README.6d39d91a.TXT

Family: darkside

Ransom Note

----------- [ Welcome to DarkSide - I-D Foods Corporation] ------------->

What happend?
----------------------------------------------
Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data.
But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network.
Follow our instructions below and you will recover all your data.

What guarantees?
----------------------------------------------
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one file for free. Go to the site and contact us.

How to get access on website?
----------------------------------------------
Using a TOR browser:
1) Download and install TOR browser from this site: https://torproject.org/
2) Open our website: http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW

When you open our website, put the following data in the input form:
Key: [removed]

!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!!
URLs

http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW

Targets

    • Target: jcwkt40g739rj.exe
    • Size: 10.1MB
    • MD5: b3ef88b26481643652a502b73604a6a6
    • SHA1: 4dc55ab8020ff9be948c37d20a67740113098d1c
    • SHA256: 60e3d2acdc871883cc0b5cd36e5682da783cc53473de9ff2d0f84a9b6e77985d
    • SHA512: d58e71f9bc61199a5dd233ff2f989ef19a7fb3e1d27557c08cba640d251c12e872b559baf90a1efacab08a0e5974c06cebddd8149afab6daefb8e85ffa6e19f1
    • SSDEEP: 196608:6SDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:JDnaOyRQETSBvJSOq62YHtFHN

    Score: 10/10

    • DarkSide
      Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks