Extracted

• • Target

    2024-08-06_5820e728cfad98d8673d29448c58c7d5_darkside

  • Size

    147KB

  • MD5

    5820e728cfad98d8673d29448c58c7d5

  • SHA1

    cfe71685fd09fd14d2d2faa8618b2559438a8b1e

  • SHA256

    5ccc9cb2e75c85b87f7244cca81c1acf6dfffe8f35a8c4d0ee00795872a9c9e7

  • SHA512

    28ce7d774bd528a83e18fadf74e2826ae99031909e0907c83278604ba72a299942436721443ead9820a7e6bbc1f07c2e325886d316ed529fd12946c20e6cb9d4

  • SSDEEP

    1536:0zICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDekDM2CpVTBVuVAPuzLsA/t83YY:bqJogYkcSNm9V7DekDMyVTzLVdwUOT

  Score

  10^/10

  defense_evasiondiscoveryransomwarespywarestealer

  • Renames multiple (821) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2