General
-
Target
2024-08-10_ef531da468065fc649d072824c9a76e2_darkside
-
Size
146KB
-
Sample
240810-c265fawdkd
-
MD5
ef531da468065fc649d072824c9a76e2
-
SHA1
93c35e2e7f4915645479f6ae680683dcb3d9bc54
-
SHA256
d12c35c8825aad5b09855a89102236774ca847a7559132c4e9d92aaf69772815
-
SHA512
4c212df24e00fb7d93a5d26f27c3c0628cd7dbea67d7ee72844d1de5d6c5713860e423a01a8226da825882507f5982a06d01d8677e8bb26c66a43f131dac7894
-
SSDEEP
1536:IzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDjkxB81Hd8lQG9XtPmSQVwpdNIQ:XqJogYkcSNm9V7DjQPQGfjLpjIa1tT
Malware Config
Extracted
C:\xgU6NOijB.README.txt
https://t.me/bit_decryptor
Extracted
C:\xgU6NOijB.README.txt
https://t.me/bit_decryptor
Targets
-
-
Target
2024-08-10_ef531da468065fc649d072824c9a76e2_darkside
-
Size
146KB
-
MD5
ef531da468065fc649d072824c9a76e2
-
SHA1
93c35e2e7f4915645479f6ae680683dcb3d9bc54
-
SHA256
d12c35c8825aad5b09855a89102236774ca847a7559132c4e9d92aaf69772815
-
SHA512
4c212df24e00fb7d93a5d26f27c3c0628cd7dbea67d7ee72844d1de5d6c5713860e423a01a8226da825882507f5982a06d01d8677e8bb26c66a43f131dac7894
-
SSDEEP
1536:IzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDjkxB81Hd8lQG9XtPmSQVwpdNIQ:XqJogYkcSNm9V7DjQPQGfjLpjIa1tT
Score10/10-
Renames multiple (363) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-