General
Target: 2024-02-23_951a7673b6ad24bfcbf086db0873c7f4_darkside
Size: 146KB
Sample: 240223-b7msbahe8z
MD5: 951a7673b6ad24bfcbf086db0873c7f4
SHA1: 67275f726f320df71bbeed04804571cf9e73eb42
SHA256: a50d9954c0a50e5804065a8165b18571048160200249766bfa2f75d03c8cb6d0
SHA512: 3b358dd9eb8fa2d18fd436351f21d33dfe5e30057edd9df2e242b1520b447c5efcaa964cb6a8024ed2cff6ff6e60c1f751efc1c9fd8e430352e960d820f6ad36
SSDEEP: 1536:izICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDstorzC23uqOKqpGX+1KBh+QHzT:hqJogYkcSNm9V7D1O9FpN12h+QTT
Behavioral task: behavioral1
Sample: 2024-02-23_951a7673b6ad24bfcbf086db0873c7f4_darkside.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 2024-02-23_951a7673b6ad24bfcbf086db0873c7f4_darkside.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted (behavioral1): C:\2zAdN8qob.README.txt
Extracted (behavioral2): C:\2zAdN8qob.README.txt
Targets
Target: 2024-02-23_951a7673b6ad24bfcbf086db0873c7f4_darkside
Score: 10/10

Signatures
- Renames multiple (311) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger