General
Target: chrome_setup.msi
Size: 304KB
Sample: 240127-ywzn3achhm
MD5: 6b63f4f44ed6a243acbf0ee18c5fb5a2
SHA1: 3d6e13fa319d4de1393c23579753833260b3ef2e
SHA256: e34cf173d4a9a9f8c1556c52de1410f3086a1c3f080ea1a8f52726394277a994
SHA512: ba1811c4556d8bd113563d4c175795f6d76b48faa259915a30a341ac425cfa309d74d8028749fe5b87eaf26332136657aae5e34e0db08054f689276db746e809
SSDEEP: 3072:NspAtO9mXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8hIZEZnWv:vtO9iRQYpgjpjew5DHyGxcqo8f
Static task: static1
Behavioral task: behavioral1 (Sample: chrome_setup.msi, Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: chrome_setup.msi, Resource: win10-20231215-en)
Behavioral task: behavioral3 (Sample: chrome_setup.msi, Resource: win10v2004-20231215-en)
Behavioral task: behavioral4 (Sample: chrome_setup.msi, Resource: win11-20231222-en)
Malware Config
Extracted from: C:\README.334cdd42.TXT
Family: darkside
URL: http://dark24vx6fsmdrtbzdzjv6ckz4yqyued4uz455oqpctko7m6vbrzibad.onion/XES2TUV3A9QL89IS7QX91V7TYSF13ASPGB2TASQ68R9Z6QYH69OVY833QSRSFU4I
Targets
Target: chrome_setup.msi, 304KB (hashes as listed under General)
Score: 10/10
DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
Signatures:
- Renames multiple (177) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry