General

  • Target

    2024-09-18_b49f2ded048a1c07e09e731d84c7bbb8_darkside

  • Size

    146KB

  • Sample

    240918-29txhsybpg

  • MD5

    b49f2ded048a1c07e09e731d84c7bbb8

  • SHA1

    826176b2a3f8258b944dacf1f17a4495b73d104a

  • SHA256

    4178821f84d63a57ba7858c0b1e6adfa9d206943c06ac70b1a497d9269388db3

  • SHA512

    fbcde9c4334756d305715e1ec5f6216515ffd25ab0b861945807d0605b1d84339933ddd24ddb45f77f5390e9915e7b237cbcef45ad2f883a98b25747d0cca774

  • SSDEEP

    3072:n6glyuxE4GsUPnliByocWep2ntZdy0OS55Ei:n6gDBGpvEByocWeordyXS55Ei

Malware Config

Targets

    • Target

      2024-09-18_b49f2ded048a1c07e09e731d84c7bbb8_darkside

    • Size

      146KB

    • MD5

      b49f2ded048a1c07e09e731d84c7bbb8

    • SHA1

      826176b2a3f8258b944dacf1f17a4495b73d104a

    • SHA256

      4178821f84d63a57ba7858c0b1e6adfa9d206943c06ac70b1a497d9269388db3

    • SHA512

      fbcde9c4334756d305715e1ec5f6216515ffd25ab0b861945807d0605b1d84339933ddd24ddb45f77f5390e9915e7b237cbcef45ad2f883a98b25747d0cca774

    • SSDEEP

      3072:n6glyuxE4GsUPnliByocWep2ntZdy0OS55Ei:n6gDBGpvEByocWeordyXS55Ei

    • Renames multiple (328) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks