General
- Target: 2024-02-24_2c93d9140330805fa14abc112bcc7a17_darkside
- Size: 146KB
- Sample: 240224-e5lzsahc46
- MD5: 2c93d9140330805fa14abc112bcc7a17
- SHA1: e1f42c206416534b541ab35258798dd4abfae3c8
- SHA256: 8b6946cca11e9507df8234e0c68567f19a893c3f08b1d384b88808846d67d7eb
- SHA512: 558900cdcd5250a945f3c1cb9bc7aec547213c092535674fc975cda840d4f5d6fb994f8690f065b3caee14f9ca016a129b5b43db035a27ad066fd6adbeaad74c
- SSDEEP: 3072:Y6glyuxE4GsUPnliByocWepgzJ3+Kz7djMuMFV+:Y6gDBGpvEByocWe2J3+KzxjMJFE
Behavioral task: behavioral1
- Sample: 2024-02-24_2c93d9140330805fa14abc112bcc7a17_darkside.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-02-24_2c93d9140330805fa14abc112bcc7a17_darkside.exe
- Resource: win10v2004-20240221-en
Malware Config
- Extracted: C:\gXokUr0LJ.README.txt
- Extracted: C:\gXokUr0LJ.README.txt
Targets
- Target: 2024-02-24_2c93d9140330805fa14abc112bcc7a17_darkside
- Size: 146KB
- MD5: 2c93d9140330805fa14abc112bcc7a17
- SHA1: e1f42c206416534b541ab35258798dd4abfae3c8
- SHA256: 8b6946cca11e9507df8234e0c68567f19a893c3f08b1d384b88808846d67d7eb
- SHA512: 558900cdcd5250a945f3c1cb9bc7aec547213c092535674fc975cda840d4f5d6fb994f8690f065b3caee14f9ca016a129b5b43db035a27ad066fd6adbeaad74c
- SSDEEP: 3072:Y6glyuxE4GsUPnliByocWepgzJ3+Kz7djMuMFV+:Y6gDBGpvEByocWe2J3+KzxjMJFE
Score: 10/10
- Renames multiple (333) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger