General
Target: 2024-03-11_52d4594deedeb91119fe521913a00d63_darkside
Size: 148KB
Sample: 240311-y8sraadd8z
MD5: 52d4594deedeb91119fe521913a00d63
SHA1: 6fe557247936badebc8676248275cd2f00106655
SHA256: 74090a22f4713933e21739eb08a99705407554ff204201829894ab38405644f6
SHA512: 39c3e13a6982e3368fe4045b836b79398c3a0e9ce1239370e9d084ef9aed0041d9794c2bf2c511343f98fe041139f052a52f5b52437c3259267baf59d8837f69
SSDEEP: 3072:7qJogYkcSNm9V7D105NoSUhIhI8YoXXjT:7q2kc4m9tD1Sy1oH
Behavioral task: behavioral1
Sample: 2024-03-11_52d4594deedeb91119fe521913a00d63_darkside.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-11_52d4594deedeb91119fe521913a00d63_darkside.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\QO5k5RIUs.README.txt
https://twitter.com/hashtag/lockbit?f=live
Targets
Target
2024-03-11_52d4594deedeb91119fe521913a00d63_darkside
Score: 10/10

Renames multiple (309) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Loads dropped DLL

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger