General
Target: 2024-02-08_aae474786148d8f135bfca55a7d2a507_darkside
Size: 146KB
Sample: 240208-pvnqqsdc6y
MD5: aae474786148d8f135bfca55a7d2a507
SHA1: c058a6541b620a2c52cd11e31669196fa1ad84bb
SHA256: 7cde51ab642c810f492663ed66ad100cf92d38245171beda7dc176588fc4e811
SHA512: c4587bbeee3614d2ab41c245de06c28dd458302e2aeda2884b3a7e05b256731278582308cb56f30ed8008a5a2761f86465b721d1abee4726cf758b6024a90cf6
SSDEEP: 3072:C6glyuxE4GsUPnliByocWepcJMls8wY6tt5:C6gDBGpvEByocWeXsLx5
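Before detonating or sharing the sample, confirm that the file on disk is the one this report describes. The script below is an added example, not part of the report or of the sandbox; it copies the four digests from the General block above and checks all of them in a single pass over the file. The path on the command line and the chunk size are the caller's choice.

```python
"""Verify a sample on disk against the digests published in the sandbox report.

Added example; not part of the report or the sample. The four digests below are
copied from the report's General block; everything else is an assumption.
"""
import hashlib
import sys

# Digests of the sample as published in the report (copied from the page).
REPORT_HASHES = {
    "md5": "aae474786148d8f135bfca55a7d2a507",
    "sha1": "c058a6541b620a2c52cd11e31669196fa1ad84bb",
    "sha256": "7cde51ab642c810f492663ed66ad100cf92d38245171beda7dc176588fc4e811",
    "sha512": (
        "c4587bbeee3614d2ab41c245de06c28dd458302e2aeda2884b3a7e05b2567312"
        "78582308cb56f30ed8008a5a2761f86465b721d1abee4726cf758b6024a90cf6"
    ),
}


def hash_chunks(chunks):
    """Feed an iterable of byte chunks to all four hashers in one pass.
    Returns {algorithm: lowercase hex digest}."""
    # On a FIPS-restricted Python, hashlib.new("md5") may be refused; the other
    # three digests still suffice for a match, so adapt the dict if that happens.
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file without loading it whole; fine for this 146KB sample or a multi-GB image."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def verify(computed, expected=REPORT_HASHES):
    """Compare computed digests with the report's.

    Returns (all_match, {algorithm: matched}). Every algorithm is checked, so a
    single mistyped digest or an MD5-only match cannot pass on its own."""
    per_algo = {
        name: computed.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }
    return all(per_algo.values()), per_algo


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>   (exit status 0 only on a full match)
    digests = hash_file(sys.argv[1])
    ok, per_algo = verify(digests)
    for name, matched in per_algo.items():
        print(f"{name:6} {digests[name]}  {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

The SSDEEP value from the report is deliberately not checked here: fuzzy hashes are for similarity search across variants, not for identity, and need the ssdeep library rather than hashlib.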
Behavioral task: behavioral1
Sample: 2024-02-08_aae474786148d8f135bfca55a7d2a507_darkside.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 2024-02-08_aae474786148d8f135bfca55a7d2a507_darkside.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 2024-02-08_aae474786148d8f135bfca55a7d2a507_darkside (146KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 9/10
- Renames multiple (8019) files with added filename extension: this suggests ransomware activity, encrypting the files on the system and appending an extension to each.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class stops the calling thread from delivering debug events, a common anti-debugging trick, so interactive analysis may need the call patched or a kernel debugger.
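The highest-weighted signature above is the mass rename with an appended extension (8019 files in this run). The detector below is an added example of how to reproduce that logic over file-rename telemetry (Procmon's SetRenameInformationFile records, or an EDR's file-rename event); it is not the sandbox's own rule. The events are constructed: the report does not name the extension the sample appends, so ".locked", the process names, the pids, the directories and the threshold of 20 are all assumptions.

```python
"""Heuristic for the 'renames multiple files with added filename extension' signature.

Added example, not the sandbox's own detector. Events are constructed tuples of
(pid, image, old path, new path); the '.locked' extension, the process names and
the threshold of 20 are assumptions, the report names none of them.
"""
import ntpath
import re
from collections import Counter, defaultdict

# An appended extension: a dot followed by 1-16 alphanumerics, e.g. ".locked".
# Anything longer or containing spaces is ignored so ordinary renames are not counted.
ADDED_EXT = re.compile(r"\.[A-Za-z0-9_-]{1,16}")


def added_extension(old_path, new_path):
    """Return the suffix if new_path is exactly old_path plus one extension, else None.
    The prefix comparison is case-insensitive because NTFS paths are."""
    old_l, new_l = old_path.lower(), new_path.lower()
    if not new_l.startswith(old_l):
        return None
    tail = new_path[len(old_path):]
    return tail if ADDED_EXT.fullmatch(tail) else None


def detect_mass_rename(events, threshold=20):
    """Count extension-appending renames per process and flag those at or above threshold.
    Returns a list of findings, highest count first."""
    per_proc = defaultdict(Counter)      # pid -> Counter of appended extensions
    touched_dirs = defaultdict(set)      # pid -> directories whose files were renamed
    images = {}
    for pid, image, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is None:
            continue
        images[pid] = image
        per_proc[pid][ext.lower()] += 1
        touched_dirs[pid].add(ntpath.dirname(old_path).lower())
    findings = []
    for pid, exts in per_proc.items():
        total = sum(exts.values())
        if total < threshold:
            continue
        ext, count = exts.most_common(1)[0]
        findings.append({
            "pid": pid,
            "image": images[pid],
            "extension": ext,
            "count": count,
            "total_renames": total,
            "directories": len(touched_dirs[pid]),
        })
    return sorted(findings, key=lambda f: f["count"], reverse=True)


def constructed_events():
    """Constructed sample: one process appending '.locked' to 30 files across three
    user directories, plus benign renames that must not trip the rule."""
    dirs = [r"C:\Users\victim\Documents", r"C:\Users\victim\Pictures", r"C:\Users\victim\Desktop"]
    events = []
    for i in range(30):
        old = ntpath.join(dirs[i % 3], f"file{i}.docx")
        events.append((4321, "sample.exe", old, old + ".locked"))
    # Benign: a rename that changes the stem, and an editor appending '.bak' to a few files.
    events.append((100, "explorer.exe",
                   r"C:\Users\victim\Documents\report.docx",
                   r"C:\Users\victim\Documents\report_final.docx"))
    for i in range(3):
        old = ntpath.join(r"C:\Users\victim\Documents", f"notes{i}.txt")
        events.append((200, "editor.exe", old, old + ".bak"))
    return events


if __name__ == "__main__":
    for f in detect_mass_rename(constructed_events()):
        print(f"pid {f['pid']} ({f['image']}): {f['count']} files renamed to *{f['extension']} "
              f"across {f['directories']} directories")
```

The threshold is the tuning knob: backup tools and editors append ".bak"-style suffixes to a handful of files, so a low threshold alarms on them, while the report's 8019 renames would clear any reasonable value. Counting distinct directories alongside the total helps separate a sweep of the whole profile from a bulk rename inside one folder.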