General

  • Target

    2024-12-19_cc74ca82436f36c701b67aa6dba61fc1_darkside

  • Size

    146KB

  • Sample

    241219-p4vweatkhy

  • MD5

    cc74ca82436f36c701b67aa6dba61fc1

  • SHA1

    cd1e7eaee094cb71101f0cc58ee91e2dd01f1eea

  • SHA256

    5cd13457b6d5ebd06aaea94183c22bb766731c6abe14922525e3f527708fd742

  • SHA512

    d68578b9301461c724b4a63cf9e9691e06a497e2b5d3992b68ba3db6301fe0aae5197bffbfa50c2780e96fa0d257ec174df6c5ea3df57d5abb684281cbbb9048

  • SSDEEP

    3072:L6glyuxE4GsUPnliByocWepCc1zsUGG808GOiUSza:L6gDBGpvEByocWeoM15xOiUia

Malware Config

Targets

    • Target

      2024-12-19_cc74ca82436f36c701b67aa6dba61fc1_darkside

    • Size

      146KB

    • MD5

      cc74ca82436f36c701b67aa6dba61fc1

    • SHA1

      cd1e7eaee094cb71101f0cc58ee91e2dd01f1eea

    • SHA256

      5cd13457b6d5ebd06aaea94183c22bb766731c6abe14922525e3f527708fd742

    • SHA512

      d68578b9301461c724b4a63cf9e9691e06a497e2b5d3992b68ba3db6301fe0aae5197bffbfa50c2780e96fa0d257ec174df6c5ea3df57d5abb684281cbbb9048

    • SSDEEP

      3072:L6glyuxE4GsUPnliByocWepCc1zsUGG808GOiUSza:L6gDBGpvEByocWeoM15xOiUia

    • Renames multiple (206) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks