General

Target: 2024-08-30_608c27640c4d305f54a7f9ec2e0d20c9_darkside
Size: 122KB
Sample: 240830-3d24pasfrj
MD5: 608c27640c4d305f54a7f9ec2e0d20c9
SHA1: d6bdb127f81f2c1b71f1a51661cf7aed77f1db23
SHA256: a96b76f8290757ebdd6c5b85b555e69ea14d2cb6338e4c65e93a32a7d1218637
SHA512: 9e64214961b032cb37dca760dd92959011bb6c5c1797b830f4c71fc7940fbb5d357ab3989cb425a75de2a7b91be116956b9bea7b3279063b05717ed01d5d5585
SSDEEP: 768:miN4q1eksgR4SiI+rxQ3rjFrXRRWxXyw/AfydfIaJ/ZB49j9xOOLvSw9kvAx0:R4HHerjZX7pL2JKjSOVi
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-08-30_608c27640c4d305f54a7f9ec2e0d20c9_darkside.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 2024-08-30_608c27640c4d305f54a7f9ec2e0d20c9_darkside.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted from: C:\README.827f117e.TXT
Family: darkside
URLs (Tor hidden services):
  http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q
  http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM
Targets

Target: 2024-08-30_608c27640c4d305f54a7f9ec2e0d20c9_darkside
Size: 122KB
MD5: 608c27640c4d305f54a7f9ec2e0d20c9
SHA1: d6bdb127f81f2c1b71f1a51661cf7aed77f1db23
SHA256: a96b76f8290757ebdd6c5b85b555e69ea14d2cb6338e4c65e93a32a7d1218637
SHA512: 9e64214961b032cb37dca760dd92959011bb6c5c1797b830f4c71fc7940fbb5d357ab3989cb425a75de2a7b91be116956b9bea7b3279063b05717ed01d5d5585
SSDEEP: 768:miN4q1eksgR4SiI+rxQ3rjFrXRRWxXyw/AfydfIaJ/ZB49j9xOOLvSw9kvAx0:R4HHerjZX7pL2JKjSOVi
Score: 10/10

DarkSide
  Targeted ransomware first seen in August 2020 and run as a ransomware-as-a-service operation. Operators exfiltrate data before encrypting it and use the stolen data as leverage (double extortion).

Renames multiple (181) files with added filename extension
  Consistent with ransomware encrypting the files on the system: each file is overwritten with ciphertext and renamed with an extra extension. DarkSide normally uses an 8-hex-character victim ID both as that extension and in its ransom-note name README.<id>.TXT; the note path C:\README.827f117e.TXT extracted above fits that pattern, so the appended extension is very likely .827f117e (inferred from the note name, not listed in this report).

Enumerates connected drives
  Reads the root directory of fixed drives other than the default system drive C:, the usual prelude to encrypting every mounted volume rather than only the system drive.

Drops file in System32 directory

Sets desktop wallpaper using registry
  Changes the desktop wallpaper by writing the Wallpaper value under HKCU\Control Panel\Desktop, the usual way ransomware puts its ransom message on the victim's desktop.
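The signatures above are exactly the behaviours a detection engineer would want to catch on an endpoint before the 181st file is renamed. The following is an added example, not part of the sandbox report and not DarkSide's or the sandbox vendor's code: it applies four triage rules (a burst of renames that append one common extension, a README.<8 hex>.TXT ransom note, a file dropped under System32, and a non-Explorer process rewriting the Wallpaper registry value) to a stream of file and registry events, and cross-checks the appended extension against the victim ID in the note name. The event schema, the process name darkside.exe, the thresholds and the sample telemetry are assumptions constructed for illustration; only the victim ID 827f117e is taken from the report's ransom-note path.

```python
"""Behavioural triage rules for the DarkSide indicators in the report above.

Added example. The event dicts ('type', 'ts', 'proc' plus per-type fields)
stand in for Sysmon/EDR telemetry and are constructed here; the thresholds
are illustrative assumptions, not values from the report.
"""
import re
from collections import Counter, defaultdict
from typing import Optional

RENAME_BURST = 20        # assumed: appended-extension renames by one process ...
BURST_WINDOW_S = 60.0    # assumed: ... within this many seconds
NOTE_RE = re.compile(r"^README\.([0-9a-f]{8})\.TXT$", re.IGNORECASE)
WALLPAPER_KEY = r"HKCU\Control Panel\Desktop"
SYSTEM32 = "c:\\windows\\system32\\"


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the single extension appended to src to form dst, else None.

    Mirrors the report's 'renames ... with added filename extension':
    dst must be exactly src followed by '.<ext>' and nothing else.
    """
    if dst.startswith(src + ".") and len(dst) > len(src) + 1:
        ext = dst[len(src) + 1:]
        if "." not in ext and "\\" not in ext:
            return ext
    return None


def triage(events):
    """Evaluate events against the four rules; return a dict of findings."""
    findings = {"rename_burst": [], "ransom_note": [], "wallpaper": [],
                "system32_drop": [], "id_match": []}
    renames = defaultdict(list)  # proc -> [(ts, appended extension)]
    for ev in events:
        if ev["type"] == "file_rename":
            ext = added_extension(ev["src"], ev["dst"])
            if ext:
                renames[ev["proc"]].append((ev["ts"], ext.lower()))
        elif ev["type"] == "file_create":
            name = ev["path"].rsplit("\\", 1)[-1]
            m = NOTE_RE.match(name)
            if m:
                findings["ransom_note"].append(
                    {"proc": ev["proc"], "path": ev["path"], "victim_id": m.group(1).lower()})
            if ev["path"].lower().startswith(SYSTEM32):
                findings["system32_drop"].append({"proc": ev["proc"], "path": ev["path"]})
        elif ev["type"] == "registry_set":
            if (ev["key"].lower() == WALLPAPER_KEY.lower()
                    and ev["value"].lower() == "wallpaper"
                    and ev["proc"].lower() != "explorer.exe"):
                findings["wallpaper"].append({"proc": ev["proc"], "data": ev["data"]})
    # Sliding window per process: first window holding RENAME_BURST renames fires.
    for proc, items in renames.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > BURST_WINDOW_S:
                start += 1
            if end - start + 1 >= RENAME_BURST:
                ext, _ = Counter(e for _, e in items[start:end + 1]).most_common(1)[0]
                findings["rename_burst"].append(
                    {"proc": proc, "count": end - start + 1, "extension": ext})
                break
    # DarkSide reuses the victim ID as the appended extension: correlate both rules.
    note_ids = {n["victim_id"] for n in findings["ransom_note"]}
    findings["id_match"] = [b for b in findings["rename_burst"] if b["extension"] in note_ids]
    return findings


def sample_events():
    """Constructed telemetry: an encryptor renaming 25 documents in 25 s,
    dropping README.827f117e.TXT and a file under System32, then setting the
    wallpaper, mixed with benign Explorer activity. Paths and the process
    name are invented; 827f117e is the ID from the report's note path."""
    proc = "darkside.exe"
    evs = []
    for i in range(25):
        src = f"C:\\Users\\alice\\Documents\\report_{i}.docx"
        evs.append({"type": "file_rename", "ts": 100.0 + i, "proc": proc,
                    "src": src, "dst": src + ".827f117e"})
    evs.append({"type": "file_create", "ts": 126.0, "proc": proc, "path": "C:\\README.827f117e.TXT"})
    evs.append({"type": "file_create", "ts": 127.0, "proc": proc,
                "path": "C:\\Windows\\System32\\dropped.bmp"})
    evs.append({"type": "registry_set", "ts": 128.0, "proc": proc, "key": WALLPAPER_KEY,
                "value": "Wallpaper", "data": "C:\\Windows\\System32\\dropped.bmp"})
    # Benign noise: a user backing up one file and Explorer changing the wallpaper.
    evs.append({"type": "file_rename", "ts": 50.0, "proc": "explorer.exe",
                "src": "C:\\Users\\alice\\notes.txt", "dst": "C:\\Users\\alice\\notes.txt.bak"})
    evs.append({"type": "registry_set", "ts": 51.0, "proc": "explorer.exe", "key": WALLPAPER_KEY,
                "value": "Wallpaper", "data": "C:\\Users\\alice\\Pictures\\beach.jpg"})
    return evs


if __name__ == "__main__":
    for rule, hits in triage(sample_events()).items():
        print(f"{rule}: {hits}")
```

The rename-burst rule fires on the 20th rename within the window, so in practice it triggers long before the 181 renames the sandbox counted; the id_match correlation is what separates a DarkSide-style encryptor from a bulk renamer, since a legitimate tool will not also drop a README.<id>.TXT whose ID equals the appended extension.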