General
Target: 240224-2cs9qagf6v_pw_infected.zip
Size: 97KB
Sample: 240224-2p1vbsgh9s
MD5: ab14ad522014c4bd0b710d8fe4a5996b
SHA1: 35026a86be29161507dfddaa6e110420b2971295
SHA256: e51155ce803bd9b96b91c822e41969c89e0c9e162aebc7643c23ed9489eb75b4
SHA512: d6be06d567199dfef76b17503e9580776b1edf3c8340040e8fadd1a5b202ee84954fab58678e7a4581e4a9746e51f43842d5a7616018d343df601e5ca38b42c0
SSDEEP: 3072:GHz3VBGxh2CqEgIOH/boAWwKZE0ljVZ90+4Bgn3Q847:8Bc2CTsfJ0lTK+wgngV
Behavioral task: behavioral1
Sample: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside.exe
Resource: win10v2004-20240221-en

Malware Config
Extracted: C:\8O1xgE2fH.README.txt
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
Target: 2024-02-24_4fb4a10158fe5415e8e9468ec2d0dbbc_darkside
Size: 146KB
MD5: 4fb4a10158fe5415e8e9468ec2d0dbbc
SHA1: 095a4dd380e86c9d1e6ea0263368b908ee0e1d5d
SHA256: b8c53972ca8e7c683183a34b5a4e17f04d9bca80d8d2e156e99fb8973d41f6b9
SHA512: 7092460ecf28dc9202481ba0849a8eb87cae92d9fff7b157e600ee219939d1bf7c534cd3a12ecab4c70e28c313a9f3413ae75398168aed8253147f3db5782b1e
SSDEEP: 3072:EqJogYkcSNm9V7DR9+kanoBQOvBEEnbNgT:Eq2kc4m9tDR9lhv+EnJ
Score: 10/10
- Renames multiple (10647) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger