Extracted

Extracted

• • Target

    2024-07-09_819e99fcbe582443daf3dc7605bdba4e_darkside

  • Size

    147KB

  • MD5

    819e99fcbe582443daf3dc7605bdba4e

  • SHA1

    1ca7a6d96ad09704adf068b34848e3db9aafe4f0

  • SHA256

    76bab2ddaa0159d1a379e896581dca9675f1ef51bf31194fd4e85ab06ad75562

  • SHA512

    62aeab27b40dd7a6b7e3f981911c750a056fcad247ad40fe470dbe94bf07d0a186a01dfdc1eb81f9ae78dd7eb2b724214eb87948ed1f8579c4f74b75611ee4ea

  • SSDEEP

    3072:K6glyuxE4GsUPnliByocWep3QqGp3VeTBAPpk2pjPdZ8Y:K6gDBGpvEByocWeOqG/5kiPdZ8

  Score

  10^/10

  lockbitransomwarespywarestealer

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Renames multiple (9074) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2