General
Target: jcwkt40g739rj.exe
Size: 10.1MB
Sample: 230804-wke46sef7z
MD5: b3ef88b26481643652a502b73604a6a6
SHA1: 4dc55ab8020ff9be948c37d20a67740113098d1c
SHA256: 60e3d2acdc871883cc0b5cd36e5682da783cc53473de9ff2d0f84a9b6e77985d
SHA512: d58e71f9bc61199a5dd233ff2f989ef19a7fb3e1d27557c08cba640d251c12e872b559baf90a1efacab08a0e5974c06cebddd8149afab6daefb8e85ffa6e19f1
SSDEEP: 196608:6SDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:JDnaOyRQETSBvJSOq62YHtFHN
Behavioral task: behavioral1
Sample: jcwkt40g739rj.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
C:\Users\README.6d39d91a.TXT
darkside
http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW
Targets
Target: jcwkt40g739rj.exe
Score: 10/10
DarkSide: Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Executes dropped EXE
Loads dropped DLL