General
Target: 2025-01-13_23c5224d2d9dfdb43e238b2a807c9ed3_darkside
Size: 146KB
Sample: 250113-dw3qhawlhq
MD5: 23c5224d2d9dfdb43e238b2a807c9ed3
SHA1: cfb8440584ecb0bb5a4615078cc5341013e65d15
SHA256: d93858aef7e77a3e740e328a2c50b645ee5cd9e8424d56fe41a622816adb4fac
SHA512: 669424b6ccef8235eb71351ded0aadc6f8f741a37ada95922ee0e3e79e7ee954b3aeca52be79e09d7ebf13dfc46429d5a79b57244e5886d005b7f655c3b89efd
SSDEEP: 3072:F6glyuxE4GsUPnliByocWepZxudgcjaJkokkFUc:F6gDBGpvEByocWeJ2c
Behavioral task: behavioral1
Sample: 2025-01-13_23c5224d2d9dfdb43e238b2a807c9ed3_darkside.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2025-01-13_23c5224d2d9dfdb43e238b2a807c9ed3_darkside.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Score: 9/10
- Renames multiple (191) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger