General

  • Target

    2024-09-18_fa7dc4c2263227936ec13d9086ab35aa_darkside

  • Size

    146KB

  • Sample

    240918-3b1g3sydrk

  • MD5

    fa7dc4c2263227936ec13d9086ab35aa

  • SHA1

    f6ebda1c5b4ed7c1048a89f4fcde70ed12c3f302

  • SHA256

    914efa089dcb98c5a81f548fa4e8769ef1d8abbcd891a25812fa4771aac24d4a

  • SHA512

    712113a7a690254c9bf79496d4220daf4828c284f434c3bbbf61cb55dd625fce327dff15025daa24ecc18634b81380a920dc4640c7009ee482b1962b11cb2fd7

  • SSDEEP

    3072:q6glyuxE4GsUPnliByocWepccEte6HsR0XAN1n:q6gDBGpvEByocWeicMg

Malware Config

Targets

    • Target

      2024-09-18_fa7dc4c2263227936ec13d9086ab35aa_darkside

    • Size

      146KB

    • MD5

      fa7dc4c2263227936ec13d9086ab35aa

    • SHA1

      f6ebda1c5b4ed7c1048a89f4fcde70ed12c3f302

    • SHA256

      914efa089dcb98c5a81f548fa4e8769ef1d8abbcd891a25812fa4771aac24d4a

    • SHA512

      712113a7a690254c9bf79496d4220daf4828c284f434c3bbbf61cb55dd625fce327dff15025daa24ecc18634b81380a920dc4640c7009ee482b1962b11cb2fd7

    • SSDEEP

      3072:q6glyuxE4GsUPnliByocWepccEte6HsR0XAN1n:q6gDBGpvEByocWeicMg

    • Renames multiple (319) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks