General
-
Target
2024-03-26_679475b7a73405dd0c3fd038d0b107b8_darkside
-
Size
147KB
-
Sample
240326-rs2kxsfc2t
-
MD5
679475b7a73405dd0c3fd038d0b107b8
-
SHA1
f5c824f8c8c1fe065aead63f8d56a7682eaece36
-
SHA256
415478012f448676e8a262afbcdc76d67763c87fab99d93c3db1612430f0d89d
-
SHA512
39d3ca516862b52daa16c7363b8fa41363e3271f6eff812b85140b8de8bb8f30d82cefda12012f1b05cee82e7731b6f70d1b65b241f536d3cc6b22da746b8441
-
SSDEEP
1536:ezICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDquSYEuwkC7106P7ZqHjuJF6Uyz:FqJogYkcSNm9V7DlScwF75ZqDuCT
Behavioral task
behavioral1
Sample
2024-03-26_679475b7a73405dd0c3fd038d0b107b8_darkside.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-03-26_679475b7a73405dd0c3fd038d0b107b8_darkside.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
2024-03-26_679475b7a73405dd0c3fd038d0b107b8_darkside
-
Score
9/10
-
Renames multiple (156) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-