General
Target: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside
Size: 146KB
Sample: 240224-2cs9qagf6v
MD5: 4fb4a10158fe5415e8e9468ec2d0dbbc
SHA1: 095a4dd380e86c9d1e6ea0263368b908ee0e1d5d
SHA256: b8c53972ca8e7c683183a34b5a4e17f04d9bca80d8d2e156e99fb8973d41f6b9
SHA512: 7092460ecf28dc9202481ba0849a8eb87cae92d9fff7b157e600ee219939d1bf7c534cd3a12ecab4c70e28c313a9f3413ae75398168aed8253147f3db5782b1e
SSDEEP: 3072:EqJogYkcSNm9V7DR9+kanoBQOvBEEnbNgT:Eq2kc4m9tDR9lhv+EnJ
Behavioral task: behavioral1
Sample: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted:
C:\8O1xgE2fH.README.txt
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
Target: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside (146KB; hashes as listed under General)
Score: 10/10
- Renames multiple (8892) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger