General

  • Target

    202409167e289e2de04d519e94419ccdc5e9fb0cdarkside

  • Size

    146KB

  • Sample

    240916-wmabps1hkd

  • MD5

    7e289e2de04d519e94419ccdc5e9fb0c

  • SHA1

    3a868a8b93da54dcc18f47f67a322a5ab0aa0178

  • SHA256

    c1f9a88541f2175dbe7ac071fa8219e1df77fc7b0efd74c116757b5968ba3405

  • SHA512

    a69d8d4c4875442a2d4c07b887fb47a57eb8f9f1be9fe2720d121460f3684334c44ad64da4f24344e5054603dd7e55ca59996ae86f96598de842d9407e826b39

  • SSDEEP

    3072:E6glyuxE4GsUPnliByocWep+n9l4Tu3c65QBO5:E6gDBGpvEByocWekn9lY65p5

Malware Config

Targets

    • Target

      202409167e289e2de04d519e94419ccdc5e9fb0cdarkside

    • Size

      146KB

    • MD5

      7e289e2de04d519e94419ccdc5e9fb0c

    • SHA1

      3a868a8b93da54dcc18f47f67a322a5ab0aa0178

    • SHA256

      c1f9a88541f2175dbe7ac071fa8219e1df77fc7b0efd74c116757b5968ba3405

    • SHA512

      a69d8d4c4875442a2d4c07b887fb47a57eb8f9f1be9fe2720d121460f3684334c44ad64da4f24344e5054603dd7e55ca59996ae86f96598de842d9407e826b39

    • SSDEEP

      3072:E6glyuxE4GsUPnliByocWep+n9l4Tu3c65QBO5:E6gDBGpvEByocWekn9lY65p5

    • Renames multiple (335) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks