General
- Target: 2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside
- Size: 146KB
- Sample: 240417-3ppbzaaa33
- MD5: 7f72cf6f4d95a38ac92aa8e548cf2665
- SHA1: e7e37defe61a3ec55998974f11529e63efdfa94d
- SHA256: 152217ef46be621a53593457abc52d435f1301ff314261ababf3e5a2ba04e6cd
- SHA512: 5ec14e3091198fe5ccdcd91f8a18b47c5cd7cc48598b42bd6c5d266758bf104b7ebe37dd2c639db032ea462bf4c5f57818125fdb988de0304eb92fee2227a394
- SSDEEP: 3072:OqJogYkcSNm9V7DBArsI8lVu20ytl2zE+ZT:Oq2kc4m9tDCYJVP0yto
Behavioral task: behavioral1
- Sample: 2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside.exe
- Resource: win10v2004-20240412-en
Malware Config
Targets
- Target: 2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside
Score: 9/10
Signatures
- Renames multiple (319) files with added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Checks computer location settings. Looks up the country code configured in the registry, likely used as a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger