General
-
Target
2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside
-
Size
148KB
-
Sample
240225-1w649aeb8y
-
MD5
e6c711e9e99daf9d4b2bd783a41f4c46
-
SHA1
75d56beb4a588ffd5f7e78fce6ae4ad42450fbb4
-
SHA256
f0db0d23b83b54d8a565f8e9bd66b4ae7be8b2f8efffc471b6e5ef95298376e8
-
SHA512
5cb2ed283a37354f25727c5b4e1c3aa6b6c74d3adc45e28769170030ecbae34c8a1abfd409b91bfa5afcb0467b7e7d63f3f35d9cbc1b3d2318f5f00574813b94
-
SSDEEP
3072:R6glyuxE4GsUPnliByocWep45bKdgalP34HBaJppN:R6gDBGpvEByocWe2pwbuaJr
Behavioral task
behavioral1
Sample
2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
C:\x6HpDuwdD.README.txt
https://twitter.com/hashtag/lockbit?f=live
Targets
-
Target
2024-02-25_e6c711e9e99daf9d4b2bd783a41f4c46_darkside
-
Score
10/10
-
Renames multiple (365) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-