General
Target: 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside
Size: 149KB
Sample: 240313-2gexwsdc36
MD5: ac6a7885e55155b6025f45bf90d5af64
SHA1: 08d5edf13c34b78c68c6a01e1f2346baa9de5d54
SHA256: a779818597f3d64aac07f3db86bfa6019bf84069691e581f9f2d1b5a0c15daf0
SHA512: 1d13fb7f5808392883e9644b91d4423765f3ac063ade2d511c85302fb9c9ebe5d2819f908b2223bf20f49b3162879bef60f50980d70b7fc4f90d8c1b5be47e51
SSDEEP: 3072:S6glyuxE4GsUPnliByocWepBoOoWPuqMLWlYcaS:S6gDBGpvEByocWejotfqMClY0
Behavioral task: behavioral1
Sample: 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted from: C:\LPJKYjRBM.README.txt (same ransom note recovered in both behavioral tasks)
Family: lockbit
URLs in note:
- https://twitter.com/hashtag/lockbit?f=live
- https://tox.chat/download.html
Targets
Target: 2024-03-13_ac6a7885e55155b6025f45bf90d5af64_darkside
Size: 149KB
Score: 10/10
Signatures:
- Renames multiple (348) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger is a common anti-debugging check)