General
Target: 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside
Size: 1.2MB
Sample: 240224-c6ntnaff8y
MD5: 4fde0fbcfdfcb2f4ff22cf7e15d5718d
SHA1: c488c491e4248941d5a22b66ca2c096e4fa8270f
SHA256: 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1
SHA512: 9bca7790b48b51beb49978bb46d3c078c25bd5b4d7a397e9bfb16ad51b7648bf44c755c3e56b3f52f1ea133ca8388f92e0b4a308b6fd8b1af39893a6e53d4272
SSDEEP: 24576:ZNxSJslvwqeH5TDdy6gGYXI152bFYEGsMOPRgH8vt+t7d1LeEqotPntpMWhP+c3O:ZbJ7IaOac4Mn3tAjXLz
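To check whether a file found in an environment is this sample, the digests above should be compared in a single pass rather than by eyeballing one hash. The block below is an added example written for this page, not code from the sandbox report; the function names (`verify_file`, `verify_bytes`, `is_match`) are chosen here. It deliberately reports ssdeep as "not checked", since the standard library cannot compute fuzzy hashes (a third-party ssdeep binding is needed for that), and `is_match` refuses to pass a verdict in which nothing was actually checked.

```python
import hashlib
import io
from typing import Dict, Optional

# Digests copied from the report's General section (all describe the same 1.2MB sample).
REPORT_HASHES = {
    "md5": "4fde0fbcfdfcb2f4ff22cf7e15d5718d",
    "sha1": "c488c491e4248941d5a22b66ca2c096e4fa8270f",
    "sha256": "0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1",
    "sha512": "9bca7790b48b51beb49978bb46d3c078c25bd5b4d7a397e9bfb16ad51b7648bf"
              "44c755c3e56b3f52f1ea133ca8388f92e0b4a308b6fd8b1af39893a6e53d4272",
    # ssdeep is a fuzzy hash that hashlib cannot compute; it is kept so the verifier
    # demonstrates reporting it as "not checked" instead of silently treating it as a match.
    "ssdeep": "24576:ZNxSJslvwqeH5TDdy6gGYXI152bFYEGsMOPRgH8vt+t7d1LeEqotPntpMWhP+c3O:ZbJ7IaOac4Mn3tAjXLz",
}


def digest_stream(stream, algorithms, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute several digests in one pass over a binary file-like object (chunked, so large files work too)."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_stream(stream, expected: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Map each expected algorithm to True (match), False (mismatch) or None (cannot be checked here)."""
    checkable = [name for name in expected if name in hashlib.algorithms_available]
    actual = digest_stream(stream, checkable)
    return {
        name: (actual[name].lower() == want.strip().lower()) if name in actual else None
        for name, want in expected.items()
    }


def verify_bytes(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, Optional[bool]]:
    """Convenience wrapper for in-memory data (used by tests and for buffers pulled from memory dumps)."""
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, Optional[bool]]:
    with open(path, "rb") as f:
        return verify_stream(f, expected)


def is_match(verdict: Dict[str, Optional[bool]]) -> bool:
    """Strict verdict: at least one digest was actually checked, and every checked digest matched.
    An all-None verdict (for example only ssdeep supplied) must not count as a match."""
    checked = [v for v in verdict.values() if v is not None]
    return bool(checked) and all(checked)


if __name__ == "__main__":
    import sys
    verdict = verify_file(sys.argv[1])
    for name, ok in verdict.items():
        state = "match" if ok else ("MISMATCH" if ok is False else "not checked")
        print(f"{name:7s} {state}")
    print("verdict:", "sample matches report" if is_match(verdict) else "does not match report")
```

Run as `python verify_hashes.py suspect.exe`. Any single mismatch is conclusive; agreement on MD5 alone is not, which is why the function compares every checkable digest the report lists.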
Behavioral task: behavioral1
Sample: 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted
Ransom note: C:\Users\Admin\xa1Xx3AXs.README.txt
Bitcoin wallet: 328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
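The extracted config consists of a ransom note path and a wallet string. The block below is an added example, not code from the report or from the sandbox that produced it, showing how such indicators are pulled out of a dropped note: candidate legacy Bitcoin addresses are validated with base58check (so a token that merely looks like an address is told apart from a well-formed one), v3 onion hostnames are collected, and the appended file extension is derived from a `<token>.README.txt` note name. The note text is constructed for the example; the assumption that the note's prefix equals the extension appended to victim files is a convention seen in recent ransomware families, not something the report states.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_LEGACY_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # P2PKH ('1') and P2SH ('3') forms
ONION_RE = re.compile(r"\b[a-z2-7]{56}\.onion\b")                    # v3 onion services

# From the report's extracted config.
NOTE_PATH = r"C:\Users\Admin\xa1Xx3AXs.README.txt"

# Constructed note body for this example; the real note's wording is not on the report page.
NOTE_TEXT = """~~~ Your files are encrypted ~~~
All your important files now carry the extension .xa1Xx3AXs.
To recover them, contact us via Tor:
http://abcdefghabcdefghabcdefghabcdefghabcdefghabcdefghabcdefgh.onion
Payment in Bitcoin to: 328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
"""


def b58decode(s: str) -> bytes:
    """Base58 decode; each leading '1' stands for one 0x00 byte."""
    n = 0
    for ch in s:
        i = B58.find(ch)
        if i < 0:
            raise ValueError("not base58: %r" % ch)
        n = n * 58 + i
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading + body


def btc_checksum_ok(addr: str) -> bool:
    """True if addr is a well-formed mainnet legacy address: version byte 0x00 or 0x05,
    20-byte hash, and a matching 4-byte double-SHA256 checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    payload, check = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == check


def note_extension(note_filename: str):
    """For a note named <token>.README.txt return '.<token>' as the likely appended
    extension (assumption about naming convention, see lead-in); otherwise None."""
    m = re.fullmatch(r"([A-Za-z0-9]+)\.README\.txt", note_filename, re.IGNORECASE)
    return "." + m.group(1) if m else None


def extract_iocs(note_path: str, note_text: str) -> dict:
    filename = note_path.replace("/", "\\").rsplit("\\", 1)[-1]
    addresses = sorted(set(BTC_LEGACY_RE.findall(note_text)))
    return {
        "note_filename": filename,
        "appended_extension": note_extension(filename),
        "btc_addresses": [{"address": a, "checksum_ok": btc_checksum_ok(a)} for a in addresses],
        "onion_urls": sorted(set(ONION_RE.findall(note_text))),
    }


if __name__ == "__main__":
    for k, v in extract_iocs(NOTE_PATH, NOTE_TEXT).items():
        print(f"{k}: {v}")
```

Bech32 (`bc1...`) addresses and Monero addresses need their own regexes and checksum routines; the point of `checksum_ok` is that a wallet indicator goes into a blocklist only once its encoding has been verified, since a truncated or mistyped address would otherwise be propagated as an IOC.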
Targets
Target: 2024-02-24_4fde0fbcfdfcb2f4ff22cf7e15d5718d_darkside
Size: 1.2MB
MD5: 4fde0fbcfdfcb2f4ff22cf7e15d5718d
SHA1: c488c491e4248941d5a22b66ca2c096e4fa8270f
SHA256: 0447c931bb8efc6dc531f69a891f2a0f28a85a18b25e04366fdb59bf827b2eb1
SHA512: 9bca7790b48b51beb49978bb46d3c078c25bd5b4d7a397e9bfb16ad51b7648bf44c755c3e56b3f52f1ea133ca8388f92e0b4a308b6fd8b1af39893a6e53d4272
SSDEEP: 24576:ZNxSJslvwqeH5TDdy6gGYXI152bFYEGsMOPRgH8vt+t7d1LeEqotPntpMWhP+c3O:ZbJ7IaOac4Mn3tAjXLz
Score: 10/10
- Detects executables packed with BoxedApp
- Renames multiple (8925) files with added filename extension. This suggests ransomware activity: the sample encrypts files across the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
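The signatures above are the kind of rules a sandbox or EDR evaluates over a process trace. The block below is an added example, not Triage's own signature code, that encodes several of them over a constructed trace in a simplified `(pid, kind, subject, detail)` shape: a mass rename that appends one common extension, a read of the registry's `Control Panel\International\Geo\Nation` value (assumed here to be what the "Checks computer location settings" signature keys on), `NtSetInformationThread` with the `ThreadHideFromDebugger` class (0x11), a wallpaper set through the `Control Panel\Desktop\WallPaper` value, `desktop.ini` drops, and deletion of the process's own image. The image path, event format and scoring are all assumptions of the example; the rename threshold is set to 10 so the constructed trace stays small, whereas the report counted 8925 renames.

```python
import re
from collections import Counter

# ThreadInformationClass value for ThreadHideFromDebugger, the class behind the
# "NtSetInformationThreadHideFromDebugger" signature.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumptions for the constructed trace: a hypothetical image path and the
# appended extension inferred from the report's note name (xa1Xx3AXs.README.txt).
SAMPLE_IMAGE = r"C:\Users\Admin\sample.exe"
EXT = ".xa1Xx3AXs"
DOCS = r"C:\Users\Admin\Documents"

# Constructed trace; this is not Triage's event format and no event here is from the report.
EVENTS = [
    (1000, "process", SAMPLE_IMAGE, ""),
    (1000, "api", "NtSetInformationThread", str(THREAD_HIDE_FROM_DEBUGGER)),
    (1000, "reg_read", r"HKCU\Control Panel\International\Geo\Nation", ""),
    (1000, "file_rename", DOCS + r"\report.tmp", DOCS + r"\report.docx"),  # ordinary rename, must not count
]
EVENTS += [(1000, "file_rename", f"{DOCS}\\doc{i}.docx", f"{DOCS}\\doc{i}.docx{EXT}") for i in range(12)]
EVENTS += [
    (1000, "file_create", f"{DOCS}\\{EXT[1:]}.README.txt", ""),
    (1000, "file_create", DOCS + r"\desktop.ini", ""),
    (1000, "file_create", r"C:\Users\Admin\Pictures\desktop.ini", ""),
    (1000, "reg_write", r"HKCU\Control Panel\Desktop\WallPaper", f"C:\\ProgramData\\{EXT[1:]}.bmp"),
    (1000, "file_delete", SAMPLE_IMAGE, ""),
]

# A benign trace for comparison: one ordinary rename and a locale lookup, as an editor might do.
BENIGN_EVENTS = [
    (2000, "process", r"C:\Program Files\Editor\editor.exe", ""),
    (2000, "file_rename", DOCS + r"\report.tmp", DOCS + r"\report.docx"),
    (2000, "reg_read", r"HKCU\Control Panel\International\Geo\Nation", ""),
]


def added_extension(old: str, new: str):
    """Return '.ext' when new is exactly old plus one appended extension, else None."""
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    return tail if re.fullmatch(r"\.[A-Za-z0-9_-]+", tail) else None


def evaluate(events, rename_threshold: int = 10) -> dict:
    """Run the signatures over a trace; returns matched signatures with details and a score."""
    image = {pid: subj for pid, kind, subj, _ in events if kind == "process"}
    hits = {}
    exts = Counter()
    desktop_ini_dirs = set()
    for pid, kind, subj, detail in events:
        if kind == "file_rename":
            ext = added_extension(subj, detail)
            if ext:
                exts[ext] += 1
        elif kind == "api" and subj == "NtSetInformationThread" and detail.isdigit() \
                and int(detail) == THREAD_HIDE_FROM_DEBUGGER:
            hits["hide_from_debugger"] = {"pid": pid}
        elif kind == "reg_read" and subj.lower().endswith(r"\control panel\international\geo\nation"):
            hits["geofence_check"] = {"key": subj}
        elif kind == "reg_write" and subj.lower().endswith(r"\control panel\desktop\wallpaper"):
            hits["wallpaper_registry"] = {"value": detail}
        elif kind == "file_create" and subj.lower().endswith(r"\desktop.ini"):
            desktop_ini_dirs.add(subj.rsplit("\\", 1)[0])
        elif kind == "file_delete" and image.get(pid, "").lower() == subj.lower():
            hits["self_delete"] = {"path": subj}
    if exts:
        ext, n = exts.most_common(1)[0]
        if n >= rename_threshold:
            hits["mass_rename"] = {"extension": ext, "count": n}
    if desktop_ini_dirs:
        hits["desktop_ini_drop"] = {"directories": len(desktop_ini_dirs)}
    # Simplified scoring for this example (not the sandbox's): a mass rename alone is decisive,
    # the remaining signatures are suspicious on their own but common in legitimate software.
    score = 10 if "mass_rename" in hits else min(10, 2 * len(hits))
    return {"signatures": hits, "score": score}


if __name__ == "__main__":
    for label, trace in (("sample", EVENTS), ("benign", BENIGN_EVENTS)):
        result = evaluate(trace)
        print(f"{label}: score {result['score']}/10, signatures {sorted(result['signatures'])}")
```

Note that the benign trace also reads `Geo\Nation`, which is why the locale lookup only contributes to the score and is not a verdict on its own; in real telemetry the rename counter should additionally be bounded to a time window, since a backup or migration job can legitimately rename thousands of files without appending one new extension to each.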