General
Target: 2024-09-24_8f07589938ea42db794ebef25c755965_darkside
Size: 147KB
Sample: 240924-c4vjeswflc
MD5: 8f07589938ea42db794ebef25c755965
SHA1: aa6f9576dfc56a6fccb37d9e70ed0bb441e084e8
SHA256: 8cdabda0c32376426e32048c867b7d66d9df6a3f0da53baef67e1a30abd444b7
SHA512: 79e553062ea5e4de34245bc9e8e6a26db2823cd12d51995e401ebfe47ece36a0a7819a2cad79bf14894a1ca30c9a3587a6101b7e8c3ae1432351deebe8fd86e8
SSDEEP: 1536:ZzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDYediJW5QdpkLMuAkHiWIlqUyz:iqJogYkcSNm9V7DFEW5QAQrRW2qT
Behavioral task: behavioral1
Sample: 2024-09-24_8f07589938ea42db794ebef25c755965_darkside.exe
Resource: win11-20240802-en
Malware Config
Extracted: C:\LOyx4shPX.README.txt
Targets
Score: 10/10
Behaviors:
- Renames multiple (181) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger