General
-
Target
2025-01-23_3b7bbcc792998c87d854a9587d066d2e_darkside
-
Size
160KB
-
Sample
250123-x8nxnaskam
-
MD5
3b7bbcc792998c87d854a9587d066d2e
-
SHA1
0b3e8f3c71d3fbfa02ad9cef1f3cbaa83c8d2621
-
SHA256
130d6de205082cf8be9c58f327f84080af79f2ebf6f50c83e23aa142f2247cd8
-
SHA512
56d74eef6efb89837c048b1aa91358749992c1e41bc82fe646924efb16c7e32a1d4eeaeeb7d82a0a49314a4f3c47b909e7b1271acb40d1ae8d1c1755c8929ee7
-
SSDEEP
3072:TDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368enHx6A2eyKQnWwAYEW:95d/zugZqll30Hw3eyZWwAY
Malware Config
Targets
-
-
Target
2025-01-23_3b7bbcc792998c87d854a9587d066d2e_darkside
-
Size
160KB
-
MD5
3b7bbcc792998c87d854a9587d066d2e
-
SHA1
0b3e8f3c71d3fbfa02ad9cef1f3cbaa83c8d2621
-
SHA256
130d6de205082cf8be9c58f327f84080af79f2ebf6f50c83e23aa142f2247cd8
-
SHA512
56d74eef6efb89837c048b1aa91358749992c1e41bc82fe646924efb16c7e32a1d4eeaeeb7d82a0a49314a4f3c47b909e7b1271acb40d1ae8d1c1755c8929ee7
-
SSDEEP
3072:TDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368enHx6A2eyKQnWwAYEW:95d/zugZqll30Hw3eyZWwAY
Score9/10-
Renames multiple (177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-