Extracted

• • Target

    sample3.exe

  • Size

    59KB

  • MD5

    943a107b88f85fd88198a9df2e1dc0dd

  • SHA1

    bfcf6050ddba6053b738e0c5e54b105880a3c45a

  • SHA256

    80c75581d6e09643a8fc7d7e0fa677e95faa64f20141cf493371ea604f6a07c9

  • SHA512

    bb179e1deb929502a63d37a19f34808329cb0a5f85618aafcc1eb22ecd91966f12c0033c36a84d966c84dfa86172b0af352e10a086f337f404af34256caacf77

  • SSDEEP

    768:GjjmbIax7F3DS4/S9+CuUSbVAdNcxGV1ylvD7Y23W58:Dx7Fu4/ihrhDTV1ylbcZ58

  Score

  10^/10

  darksidecredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

  • DarkSide

    Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

    ransomwaredarkside

  • Darkside family

    darkside

  • Renames multiple (151) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2