General
Target: 2024-03-13_66b3e535355102fd0cede6506739e474_darkside
Size: 147KB
Sample: 240313-v4tk8sba3y
MD5: 66b3e535355102fd0cede6506739e474
SHA1: 5a20c4d8bbb2495c817c92cfa060a6a235e6ed36
SHA256: 9b3cd385077933c2a72cba58d23dcde77852818c3ce1a361baa5c6bbd915b82f
SHA512: f11bd1ed1f2f601ed5db353ff2f85982b3218e3a60f6d58c8f5f5a23df7560fce8fd67da37fe7ef6bc31de2883eb17c2389a1195820968562740a0e46c1569e6
SSDEEP: 3072:T6glyuxE4GsUPnliByocWepjUeRBGYENO6g:T6gDBGpvEByocWexUeR0Y2N
Behavioral task: behavioral1
Sample: 2024-03-13_66b3e535355102fd0cede6506739e474_darkside.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-13_66b3e535355102fd0cede6506739e474_darkside.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: C:\NupqqeiS5.README.txt
Targets
Score: 10/10
Renames multiple (329) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger