General
- Target: 2024-04-19_40126b1b3c6f86194fc554cdba3cb5d3_darkside
- Size: 147KB
- Sample: 240419-qpdh9aed9t
- MD5: 40126b1b3c6f86194fc554cdba3cb5d3
- SHA1: a05551c8536eb6489651a9481911d107fd1c34ef
- SHA256: 5c54bd1aa2abf024f53490b7d93101496b5842a5a81a51955fe7f1d5e4281409
- SHA512: 045711fc010aba7ae338351fe825575bda270636c5c983484faae980655b50dc0196a74964f115fb73235bbae1e6013351e5dc573865e848669fdb43272a4278
- SSDEEP: 3072:a6glyuxE4GsUPnliByocWepvOdS3A/bB1Ba3:a6gDBGpvEByocWeGSQzN
Behavioral tasks
- behavioral1: Sample 2024-04-19_40126b1b3c6f86194fc554cdba3cb5d3_darkside.exe, Resource win7-20240221-en
- behavioral2: Sample 2024-04-19_40126b1b3c6f86194fc554cdba3cb5d3_darkside.exe, Resource win10v2004-20240412-en
Malware Config
Extracted (the report lists the identical configuration twice, once per behavioral task)
- Dropped note: C:\uBBbnTEl1.README.txt
- http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
- http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
Targets
- Target: 2024-04-19_40126b1b3c6f86194fc554cdba3cb5d3_darkside (same file and hashes as listed under General above)
- Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (a locale-based decision whether to run).
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
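The signatures above are behavioural observations from the sandbox, not detection logic. As an added example (not part of the Triage report and not the sample's own code), the Python below applies a few of the same checks to constructed Sysmon-style events: a registry read of the locale/geo key, the note named in the extracted config (C:\uBBbnTEl1.README.txt) being dropped across several directories, desktop.ini drops by a process other than Explorer, and self-deletion through a spawned cmd.exe. Assumptions: the registry key read for the country code is taken to be HKCU\Control Panel\International\Geo\Nation, which the report does not name; the process paths, command line and all event lines are constructed for the example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# ASSUMPTION: the report only says "looks up country code configured in the
# registry"; Geo\Nation is the usual locale key, not a fact stated on the page.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
# Note name pattern matching the extracted config path C:\uBBbnTEl1.README.txt
RANSOM_NOTE_RE = re.compile(r"^[a-z0-9]+\.readme\.txt$", re.IGNORECASE)
MIN_NOTE_DIRS = 3  # flag only when the note lands in this many directories

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"  # constructed path

# Constructed Sysmon-style events: eid 1 = process create, 11 = file create,
# 12/13 = registry access. Illustrative only; not taken from the report.
SAMPLE_EVENTS = [
    {"eid": 12, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"eid": 11, "image": SAMPLE, "target": r"C:\uBBbnTEl1.README.txt"},
    {"eid": 11, "image": SAMPLE,
     "target": r"C:\Users\Admin\Desktop\uBBbnTEl1.README.txt"},
    {"eid": 11, "image": SAMPLE,
     "target": r"C:\Users\Admin\Documents\uBBbnTEl1.README.txt"},
    {"eid": 11, "image": SAMPLE, "target": r"C:\Users\Admin\Desktop\desktop.ini"},
    # Benign: Explorer maintains desktop.ini itself and must not be flagged.
    {"eid": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\Admin\Pictures\desktop.ini"},
    {"eid": 1, "image": r"C:\Windows\System32\cmd.exe", "parent": SAMPLE,
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "' + SAMPLE + '"'},
]


def correlate(events):
    """Map raw events to the behaviour names used on the report, with evidence.

    Returns {behaviour_name: [evidence, ...]} containing only behaviours seen.
    """
    hits = defaultdict(list)
    note_dirs = defaultdict(set)  # image -> directories a note was written to
    for ev in events:
        eid, image = ev["eid"], ev["image"]
        target = ev.get("target", "")
        proc = PureWindowsPath(image).name.lower()
        if eid in (12, 13) and target.lower().endswith(GEO_KEY_SUFFIX):
            hits["Checks computer location settings"].append(target)
        elif eid == 11:
            path = PureWindowsPath(target)
            if RANSOM_NOTE_RE.match(path.name):
                note_dirs[image].add(str(path.parent).lower())
            elif path.name.lower() == "desktop.ini" and proc != "explorer.exe":
                hits["Drops desktop.ini file(s)"].append(target)
        elif eid == 1 and proc == "cmd.exe":
            # Self-deletion: a child cmd.exe whose command line deletes the
            # parent's own image path.
            parent = ev.get("parent", "")
            cmd = ev.get("cmdline", "").lower()
            if parent and "del " in cmd and parent.lower() in cmd:
                hits["Deletes itself"].append(ev["cmdline"])
    for image, dirs in note_dirs.items():
        if len(dirs) >= MIN_NOTE_DIRS:
            hits["Drops ransom note in multiple directories"].append(
                f"{image}: {len(dirs)} directories")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in correlate(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The desktop.ini rule excludes Explorer because Windows writes that file routinely; the note rule requires several distinct directories so a single user-created README does not fire. Both thresholds are choices for this example, not values taken from the report.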