General

  • Target

    f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e

  • Size

    2.2MB

  • Sample

    240410-nbd7hsdf53

  • MD5

    99762b33396b8128e6e72fc66a8e8939

  • SHA1

    edb33f83c49268ef604e073d33f358b5b4da60ce

  • SHA256

    f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e

  • SHA512

    71a5c78519ea6028bfffdb0d1199c36b245a70766e650dcab85b333966b6a66b3a8e1a672eee495a11a9ee5f722e00625e546f6d85b86067a6484ac27e4ed036

  • SSDEEP

    49152:yz+eK5Bhzwrb/TEvO90dL3BmAFd4A64nsfJqyM4w7qLiC/gv4sxZ2EAKEz1q:yz+rzLyM1GLhukEAO

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Family

darkside

Ransom Note
WINNER WINNER CHICKEN DINNER What happend? ############################################## All your servers and computers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. What guarantees? ############################################## We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one image file for free. The file size should be no more than 2 MB. Contact us by email: 22eb687475f2c5ca30b@protonmail.com !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!
Emails

22eb687475f2c5ca30b@protonmail.com

Targets

    • DarkSide

      Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks