General
-
Target
2024-06-13_603ab1d26637ce590df341e468795968_darkside
-
Size
1.2MB
-
Sample
240613-ax6l1a1crl
-
MD5
603ab1d26637ce590df341e468795968
-
SHA1
1713ba54373bbdfed5b07e6244e1597ac94f5e2c
-
SHA256
c2006d3fd1a8d1943421da6154751e7b53cc799a8bac833a6a95ef1dd2e06c45
-
SHA512
81e29123cb6ce89e2442077dfb647b94752c0578507d2294135af8ef3ffb420f6f16d6d0a06be6a570143798adb63db3d874274bb9bab42bf190633419460268
-
SSDEEP
24576:Pj4SJslvwqeH5TDdy6gGYXI152bFYEGsMOPRgH8vt+t7d1LeEqotPntpMWhP+c3O:P8J7IaOac4Mn3tAjXLz
Malware Config
Extracted
C:\Users\Admin\xa1Xx3AXs.README.txt
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
-
-
Target
2024-06-13_603ab1d26637ce590df341e468795968_darkside
-
Size
1.2MB
-
MD5
603ab1d26637ce590df341e468795968
-
SHA1
1713ba54373bbdfed5b07e6244e1597ac94f5e2c
-
SHA256
c2006d3fd1a8d1943421da6154751e7b53cc799a8bac833a6a95ef1dd2e06c45
-
SHA512
81e29123cb6ce89e2442077dfb647b94752c0578507d2294135af8ef3ffb420f6f16d6d0a06be6a570143798adb63db3d874274bb9bab42bf190633419460268
-
SSDEEP
24576:Pj4SJslvwqeH5TDdy6gGYXI152bFYEGsMOPRgH8vt+t7d1LeEqotPntpMWhP+c3O:P8J7IaOac4Mn3tAjXLz
Score10/10-
Detects executables packed with BoxedApp
-
Renames multiple (8832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-