General
Target: 2024-12-16_2827781d295d54cdb5d199c19aef469d_darkside
Size: 147KB
Sample: 241216-vxp98sxjbj
MD5: 2827781d295d54cdb5d199c19aef469d
SHA1: 308b01ec5ba7e3283353bb7cdbf85010017f99e8
SHA256: d2468b77968df53b4335668c1a5313dd007d9ab528541bab28f74b4f170988fa
SHA512: 4afdcf585fb43e5001c77b50377f1d4c9dc2ab7925dceb1ed552e112bce6ea3ec122d18f3c08efb5a5b2e2b7fbf7cd396e53f025d5e7d5f5f3f7d69b8e73e334
SSDEEP: 3072:36glyuxE4GsUPnliByocWepZaGGtgp8FDJ94dElJnxB:36gDBGpvEByocWe2xZFXhbnz
Behavioral task: behavioral1
Sample: 2024-12-16_2827781d295d54cdb5d199c19aef469d_darkside.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 2024-12-16_2827781d295d54cdb5d199c19aef469d_darkside.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: C:\FIPNplZX1.README.txt
Extracted: C:\FIPNplZX1.README.txt
Targets
Target: 2024-12-16_2827781d295d54cdb5d199c19aef469d_darkside (147KB; hashes as listed under General)
Score: 10/10
- Renames multiple (357) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Suspicious use of NtSetInformationThreadHideFromDebugger