General
-
Target
2024-09-16_3290559743aa86d90b38f475166ce537_darkside
-
Size
146KB
-
Sample
240916-qmba4szdml
-
MD5
3290559743aa86d90b38f475166ce537
-
SHA1
4f2fe418b2b80d97fbdc60b656167dee7a37033f
-
SHA256
32b2c13f90c98bb456ccf6b1552ca1a988bc2243650067d095fa2e0748a154a1
-
SHA512
2c83ee91b02bc25791acc267112a53a8edfd4e30e130b4ff5188a9cf62c170ae0d80373ca757e73b95d4845fb2ec54cfd888b4bd8d16df2d793fe7666b53d2be
-
SSDEEP
3072:E6glyuxE4GsUPnliByocWep3cj1d0ew99ie:E6gDBGpvEByocWeOj0xf
Malware Config
Targets
-
-
Target
2024-09-16_3290559743aa86d90b38f475166ce537_darkside
-
Size
146KB
-
MD5
3290559743aa86d90b38f475166ce537
-
SHA1
4f2fe418b2b80d97fbdc60b656167dee7a37033f
-
SHA256
32b2c13f90c98bb456ccf6b1552ca1a988bc2243650067d095fa2e0748a154a1
-
SHA512
2c83ee91b02bc25791acc267112a53a8edfd4e30e130b4ff5188a9cf62c170ae0d80373ca757e73b95d4845fb2ec54cfd888b4bd8d16df2d793fe7666b53d2be
-
SSDEEP
3072:E6glyuxE4GsUPnliByocWep3cj1d0ew99ie:E6gDBGpvEByocWeOj0xf
Score9/10-
Renames multiple (323) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-