darkside

Sharing

Copy URL

Twitter E-mail

General

Target

7X.rar
Size

49.6MB
Sample

230805-k3wzvsba95
MD5

1879ef3eb53c142b1ca86b6b46b969d2
SHA1

ccfa62487bbe3f3fa07c27b0f89d3435a5ee61af
SHA256

b38ab3b0242fdc7e0303f2f1511322344f2f4d342dc7f5a61147c00dfdbc408b
SHA512

0de0a46b35c17af8f7cb5954ee8e4f8a5c9bc1f15ceb8146776c6d635e47e686d672e76922ceffb805acb80d892a1939f150a3713de7ccd2f729c7d04e5ffc8c
SSDEEP

786432:jPQdMm6WfJ3TPUK0sYWN+5jo9bEVAUGztVrx5jPlbHIpvxXltdGkCTwDdtWkf:TRmjf9UHx5jx+zXPlLI1JLwkOQHf

Score

10^/10

Malware Config

Extracted

Path

C:\Users\README.8d5bc3f1.TXT

Family

darkside

Ransom Note

----------- [ Welcome to DarkSide - I-D Foods Corporation] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. What guarantees? ---------------------------------------------- We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one file for free. Go to the site and contact us. How to get access on website? ---------------------------------------------- Using a TOR browser: 1) Download and install TOR browser from this site: https://torproject.org/ 2) Open our website: http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW When you open our website, put the following data in the input form: Key: 9NtjyWHbqWYTbhBpJ2ht4tKo7DQgTGmQ4IGHCFvgjiSMTNopVgQ9YIh9KRWkQgmvxviZtJGOakzykMzWKRgxwf2pCxpdMT8iGlKcsSOsxVOUXIGEgpy6tLqliTTEKWnohcYOhCF3DYMePMxEYa0eCmED1EXEG5QOZCpmkgDl5s5VSUF5uhnKsunUtKGS24iEAr2hxsJ1zMcMHmKVrf3bvRyhYVKXwlXVggxE7ncowldcK3v3CiKC24jKVd6OH5QrhVyyQLrFM5RE3Y0RcTeRTIqf1J5CIEhTiG3TH7SEpws4wfkt9RZ7rBWT4n3B69Z9JuPzyFCBwPKF7gTzEYzixIGzFbJyLSZXff9ryv3yL3JeKywAcoBafos0dLSkRgf1X1a1S2ud4kXa5GRU4W7rhCQsnJ8vAcv1AXaPRq9ESySBWQdGCQMSci0ex0oE4EfCDW3jjyXtaPofqNFhibodJFmOyTKwie1OcW6Kh6Ih6JxXXfUXr4VbRILzsiPXsOTTisDaEicID1E0SJRluBus2UhPyogJiZ7UpmUu9LUe3yAi3Bhox3pLv8E !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!

URLs

http://darksidfqzcuhtk2.onion/LYID3U99RAJSTEYEFWS6SLYDGMUXKNAT3OPKN9D56PIGX1QHBU5DHGUN4HGMX2IW

Targets

- Target
  
  7X/1PGNZ8NZG6RCE9.exe
- Size
  
  10.1MB
- MD5
  
  6e6339c7960e973ae81e0bf3a1530f23
- SHA1
  
  21b3719fd440d59c5a57800c7a92fadf3c42a258
- SHA256
  
  8d51d18c32bfc42a4e1722f885f3c1c03c3eb7de68f8f2df49a5fdb868e8e1ea
- SHA512
  
  c5d9750de294db5dc7ee095adc2faa568ae4ee55e6e8db9a0e945f73f9a320a4d30ebda57bd291859a46111d836a7c0bcd4498ed8e8d19f8b7e7fa378117de9c
- SSDEEP
  
  196608:+LDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:MDnaOyRQETSBvJSOq62YHtFHN
Score

10^/10

darkside ransomware spyware stealer
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
  ransomware darkside
- Renames multiple (183) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2
- Target
  
  7X/E4G24DU1GQR.exe
- Size
  
  10.1MB
- MD5
  
  274ac4d59e5bf71927f1013b270c7eab
- SHA1
  
  b5a568e19c3cf5b7e26673d5eb3c77bd146a2ecb
- SHA256
  
  97646796eab26c2005511c2939821bbdc624afb4704450ba3b2ef91b122c01a5
- SHA512
  
  e7247d76a447ff8f524c572f6006fcb04af5c9bb8b51db3d969971000050d67efbba34e596a11467b76a0b5f850709ad941c3e6cd79b61e7dc4ce395bcc5bba0
- SSDEEP
  
  196608:/NDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:lDnaOyRQETSBvJSOq62YHtFHN
Score

10^/10

darkside ransomware spyware stealer
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
  ransomware darkside
- Renames multiple (160) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4
- Target
  
  7X/SMF5YO6UKC5CA0WZ4.exe
- Size
  
  10.1MB
- MD5
  
  b03269de34a91507bcc3d3ac08164963
- SHA1
  
  1911081f70c3bf9330a0643809af5e19877cf485
- SHA256
  
  4bff93a45ae905d1da538b8a27ac077aba9c9cae3026507c68f93bda0d491944
- SHA512
  
  1d5366c238a191829d76182b11a66dd8ceb63de4fbee5e9d2f38d7229c7d9e530ca7310856e66bd52ba7ed8fb2e944fc06e322eaf778faadfd9aee2802e0513e
- SSDEEP
  
  196608:yLDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:yDnaOyRQETSBvJSOq62YHtFHN
Score

10^/10

darkside ransomware spyware stealer
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
  ransomware darkside
- Renames multiple (166) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral5 behavioral6
- Target
  
  7X/UTNL9P7TICJ.exe
- Size
  
  10.1MB
- MD5
  
  a166f68bed48f5795052877385d5108b
- SHA1
  
  52f31c677175738ff0a9511ca0cdc1cbad475c47
- SHA256
  
  afbb63f1ca2ef72ee79890a99fa695115323b87937d45b1b4c860c743c6fd83f
- SHA512
  
  a8f0c477374366062d78eda1cd727d8844878ea7185c2299903b3b75c13998cec1644c14bb9e4b0e321057b9a0f6390c6a68a19d59c79d7330661a7022e0f30a
- SSDEEP
  
  196608:KvDna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:6DnaOyRQETSBvJSOq62YHtFHN
Score

7^/10
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  7X/om6osj7p9.exe
- Size
  
  10.1MB
- MD5
  
  60e4584ef6e476cb4913ff10b4407163
- SHA1
  
  18e657cf23af9c0cddb91f87375d4e67ac5f972d
- SHA256
  
  62af63c631b2f5a4d25ede64b783a0059d7b81aa17af33fb9bac7c758c91b46e
- SHA512
  
  ebe6189915dc76d9ed2c0640d37c8f8f237fd3a9277b54a6d5ada9ab0013e89674872270203e49fb735334f5763d380bf78a9ef709892e21aa8055188b121185
- SSDEEP
  
  196608:f3Dna+butR4FMIZETSt3jPePdrQJ2BNOq62gAqYPYgUFHN:vDnaOyRQETSBvJSOq62YHtFHN
Score

10^/10

darkside ransomware spyware stealer
- DarkSide
  Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
  ransomware darkside
- Renames multiple (168) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Renames multiple (183) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Sets desktop wallpaper using registry

DarkSide

Renames multiple (160) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Sets desktop wallpaper using registry

DarkSide

Renames multiple (166) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Sets desktop wallpaper using registry

Loads dropped DLL

DarkSide

Renames multiple (168) files with added filename extension

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10