General

  • Target

    2024-07-09_8f35c10cb73fdf1121fc76da47d8b742_darkside

  • Size

    147KB

  • Sample

    240710-ae58hsthnr

  • MD5

    8f35c10cb73fdf1121fc76da47d8b742

  • SHA1

    e70da2232428b15eb14da7f077c379d20843c636

  • SHA256

    19cd17a749fec8486a669e89e44fa18a63cf2b5712ba7ec376b0e2ef23bc3631

  • SHA512

    00ce7f495b9d34c01a5e50fd6f0e659935e06a5e204607858183cc40475dc1a41bff47a402bdaac2c9198846c5af451f8dc002a8d77d29fea3953d74d4ed3b7c

  • SSDEEP

    1536:izICS4AwwRlcz5AxE4vGP1iU8KnliIs3iocZMgkGJp14Fpg9eKpv+Ysbt862//f1:h6glyuxE4GsUPnliByocWepkaaYsNKb

Malware Config

Targets

    • Target

      2024-07-09_8f35c10cb73fdf1121fc76da47d8b742_darkside

    • Renames multiple (345) files with added filename extension

      This suggests ransomware activity: the sample is encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks