General

  • Target

    2024-12-22_cc780bb339c7952570528b864770a0c0_darkside

  • Size

    156KB

  • Sample

    241222-pm4f8axqhx

  • MD5

    cc780bb339c7952570528b864770a0c0

  • SHA1

    9bb86df4fcf1d358fb5e9ff372c3b8df3548ad9e

  • SHA256

    ed4483944564f5934b6cb725f2f5055a9da1e243ebd6fe49742e460e867dff41

  • SHA512

    38946eb28c717e25cfe58ccc7b0515ac2adba498124bf9eb45b45cafc7015034dacaee3878f3ff5fe53da0b24ec630a3088e975175a8f989ce9738c46b96986c

  • SSDEEP

    3072:9DDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP33683TvtDvbvizOmpnW:f5d/zugZqll3vl6OG

Malware Config

Targets

    • Target

      2024-12-22_cc780bb339c7952570528b864770a0c0_darkside

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks