General
Target: 20240905a5f2eeb4c5cbb2c2ff3b103e304c4a37darkside
Size: 146KB
Sample: 240905-vhqmfsvgln
MD5: a5f2eeb4c5cbb2c2ff3b103e304c4a37
SHA1: 604025da6efc564ae2b3b92c33eb3a2995ca81a4
SHA256: 105912c9995a1d718c5442349d2cc4bb99426f75ff34554cdfd9a7272eeca398
SHA512: 96e766e4f3aefacada98a5336320db9d26c5d7d5d150125183e5415786b57d46b3383880910cfbdcd0928960d4abcaeba19c0854b0fb4a863391f0b13617bf4e
SSDEEP: 1536:NzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDrZ5bKzpnSPyZxedH4UnFgDXv0R:eqJogYkcSNm9V7DmSPNHnFsvCT
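Before working with a copy of this sample, confirm it is the file the report describes. The following is an added example, not code from the sandbox or the report: it recomputes the four digests listed above in a single pass over the file and reports, per algorithm, whether each matches. The hash values are the ones in the General section; the file path is whatever the analyst supplies on the command line.

```python
# Added example (not part of the sandbox report): verify that a file on disk
# is the same sample this report describes by recomputing its hashes and
# comparing them with the values listed in the General section.
import hashlib

# Digests copied from the report's General section.
REPORTED_HASHES = {
    "md5": "a5f2eeb4c5cbb2c2ff3b103e304c4a37",
    "sha1": "604025da6efc564ae2b3b92c33eb3a2995ca81a4",
    "sha256": "105912c9995a1d718c5442349d2cc4bb99426f75ff34554cdfd9a7272eeca398",
    "sha512": "96e766e4f3aefacada98a5336320db9d26c5d7d5d150125183e5415786b57d46b3383880910cfbdcd0928960d4abcaeba19c0854b0fb4a863391f0b13617bf4e",
}


def hash_stream(chunks):
    """Hash an iterable of byte chunks with every algorithm in REPORTED_HASHES in one pass."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so large samples do not need to fit in memory."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected=REPORTED_HASHES):
    """Return {algorithm: bool} so a single mismatching digest stands out."""
    return {name: actual[name] == expected[name].lower() for name in expected}


def is_reported_sample(path):
    """True only if every listed digest matches; a partial match means a different file."""
    return all(compare(hash_file(path)).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        result = compare(hash_file(p))
        print(p, "MATCH" if all(result.values()) else "MISMATCH", result)
```

Run it as `python verify.py <file>`; a MATCH on all four digests means you hold the same bytes the sandbox executed, while any single False means a different build or a corrupted download (the SSDEEP value is not recomputed here, since that needs the non-standard ssdeep library).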
Behavioral task: behavioral1
Sample: 20240905a5f2eeb4c5cbb2c2ff3b103e304c4a37darkside.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 20240905a5f2eeb4c5cbb2c2ff3b103e304c4a37darkside.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
C:\RCl10Ol9q.README.txt
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
Target: 20240905a5f2eeb4c5cbb2c2ff3b103e304c4a37darkside
Size: 146KB
Score: 10/10

- Renames multiple (8965) files with added filename extension
  Consistent with ransomware: the sample rewrites files across the system and appends an extension to each one it encrypts.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence to avoid running in certain regions.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion (MITRE ATT&CK T1070.004)
  Adversaries may delete files left behind by their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique that stops an attached debugger from receiving events for that thread.
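The first two signatures above are heuristics over the sandbox's event stream rather than static matches. As an added example (not the sandbox's own signature code), the block below re-implements both checks over a list of sandbox-style events so the logic can be run and tuned offline: the rename check counts renames per appended extension and fires when one extension crosses a threshold, and the location check flags registry reads of the value where Windows stores the configured country. The threshold (50), the registry path matched (`HKCU\Control Panel\International\Geo\Nation`), the event schema and the appended extension in the constructed events are all assumptions; the page gives the rename count (8965) but not the cut-off, the exact key, or the extension.

```python
# Added example (not the sandbox's own signature code): two of the report's
# behavioural signatures re-implemented as checks over sandbox-style events.
from collections import Counter
from dataclasses import dataclass

# Assumed threshold: the report gives the count (8965) but not the cut-off it used.
RENAME_THRESHOLD = 50

# Assumed registry location: Windows keeps the user's configured country as the
# Nation value under HKCU\Control Panel\International\Geo.
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"


@dataclass
class Event:
    kind: str       # "rename" or "regquery" (assumed event schema)
    src: str        # old path (rename) or full registry path (regquery)
    dst: str = ""   # new path (rename only)


def added_extension(old, new):
    """Return the suffix appended when `new` is `old` plus exactly one extra extension, else None."""
    if not new.startswith(old + "."):
        return None
    ext = new[len(old) + 1:]
    # Reject empty suffixes, path separators and multi-part suffixes: those are moves, not "added extension" renames.
    if not ext or any(c in ext for c in "\\/."):
        return None
    return ext


def mass_rename_signature(events, threshold=RENAME_THRESHOLD):
    """Count renames per appended extension; return the extensions at or above the threshold."""
    by_ext = Counter()
    for e in events:
        if e.kind == "rename":
            ext = added_extension(e.src, e.dst)
            if ext:
                by_ext[ext] += 1
    return {ext: n for ext, n in by_ext.items() if n >= threshold}


def geofence_signature(events):
    """Return the registry paths queried that end in the Geo\\Nation value (case-insensitive)."""
    return [e.src for e in events
            if e.kind == "regquery" and e.src.lower().endswith(GEO_NATION_SUFFIX)]


def run_signatures(events):
    """Evaluate both checks and return the signature names that fired with their evidence."""
    fired = {}
    renames = mass_rename_signature(events)
    if renames:
        fired["Renames multiple files with added filename extension"] = {
            "count": sum(renames.values()), "extensions": renames}
    geo = geofence_signature(events)
    if geo:
        fired["Checks computer location settings"] = {"keys": geo}
    return fired


def constructed_events(n_files, ext="RCl10Ol9q"):
    """Constructed sandbox-style events; the appended extension is assumed, not taken from the report."""
    events = [Event("rename",
                    f"C:\\Users\\victim\\Documents\\file{i}.docx",
                    f"C:\\Users\\victim\\Documents\\file{i}.docx.{ext}")
              for i in range(n_files)]
    # Benign noise that must not count: a plain move and a rename that swaps the extension.
    events.append(Event("rename", r"C:\Temp\a.tmp", r"C:\Temp\b.tmp"))
    events.append(Event("rename", r"C:\Temp\report.doc", r"C:\Temp\report.docx"))
    # One geofence lookup and one unrelated registry read.
    events.append(Event("regquery", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"))
    events.append(Event("regquery", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"))
    return events


if __name__ == "__main__":
    for name, detail in run_signatures(constructed_events(8965)).items():
        print(name, detail)
```

Grouping by appended extension rather than counting raw renames is what keeps the check from firing on a backup job or an installer that legitimately renames a handful of files; the threshold is the knob to tune against your own baseline of file-system activity.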