Extracted

• • Target

    2024-07-31_11c051782c327c662507801124f0b95b_darkside

  • Size

    147KB

  • MD5

    11c051782c327c662507801124f0b95b

  • SHA1

    5dd92a1ab1cfc5b73b5dcdb3edd6ea6d498339df

  • SHA256

    3c13ae9a53b29849fd3bb75d3259a23658cd687441f8bdd610487007c51d2eac

  • SHA512

    239f6eba567c59cf956e4f6c8ffe6588bb2b16ede03e939f79db69ae23631881285475f634780a40f94038035fb1329743c9b57c92a9690ec927f6d372d9ca2e

  • SSDEEP

    1536:GzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDuc1UR7zBEDZhT+IhMjo9Uyz:9qJogYkcSNm9V7DJ1URfqVXmjo9T

  Score

  10^/10

  defense_evasiondiscoveryransomwarespywarestealer

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2