MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

DarkSide

Vendor detections: 6

SHA256 hash: 1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43
SHA3-384 hash: 52fc28bf1b4d2d5d36386aba346aa8309309f4ae7890325da021a5aae393e3b5ef9aaf72cbb8d54001ff4be0da19a507
SHA1 hash: c91ff86a88038b00d9190ebb01e6f8c94b0c83e0
MD5 hash: 1a700f845849e573ab3148daef1a3b0b
humanhash: spring-mountain-music-twelve
File name: 1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.bin
Signature: DarkSide
File size: 40'960 bytes
First seen: 2020-11-25 16:40:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b9eff3ef84e2c498e581399154cc6576 (4 x DarkSide)
ssdeep: 384:woyzEpcGhIxJl9JEdauBNa/nu333s8JrxRMt0GNtslmlLpB1pyLloyGw6Bm7lpIN:wo4EpThIpEdauX3hS/sj5kGudUj9Vg
Threatray: 2 similar samples on MalwareBazaar
TLSH: 18035B898759E273DF1416F66EAC7BE3666A2DF1C627901B06240F24A5348B3DF0173B
Reporter: Arkbird_SOLG
Tags: DarkSide Ransomware
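As an added example, not part of the MalwareBazaar entry and not tooling from abuse.ch or any listed vendor: a Python script that recomputes the MD5, SHA1, SHA256 and SHA3-384 digests listed above for a local copy of the sample, compares them to the entry, and performs the structural DOS/PE header check that the "Executable exe" / "application/x-dosexec" classification implies. The expected hashes and size are copied from this entry; the 88-byte PE stub that build_minimal_pe() produces is constructed test input, not the sample. Run it against a real download only inside an isolated analysis VM, since the file is classified as DarkSide ransomware.

```python
import hashlib
import struct
import sys

# Hashes and size copied verbatim from the MalwareBazaar entry above.
EXPECTED_HASHES = {
    "md5": "1a700f845849e573ab3148daef1a3b0b",
    "sha1": "c91ff86a88038b00d9190ebb01e6f8c94b0c83e0",
    "sha256": "1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43",
    "sha3_384": "52fc28bf1b4d2d5d36386aba346aa8309309f4ae7890325da021a5aae393e3b5ef9aaf72cbb8d54001ff4be0da19a507",
}
EXPECTED_SIZE = 40960  # "File size: 40'960 bytes"

IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists as IOCs, all via hashlib."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


def pe_machine(data: bytes):
    """Return IMAGE_FILE_HEADER.Machine if data has valid MZ and PE headers, else None.

    This is the structural check behind "MIME type: application/x-dosexec":
    'MZ' at offset 0, e_lfanew at offset 0x3C, and 'PE\\0\\0' at e_lfanew.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def verify_sample(data: bytes, expected=EXPECTED_HASHES, expected_size=EXPECTED_SIZE) -> dict:
    """Compare a local file against the entry's hashes, size and PE structure."""
    actual = hash_bytes(data)
    machine = pe_machine(data)
    return {
        "size_ok": len(data) == expected_size,
        "is_pe": machine is not None,
        "machine": machine,
        "matches": {name: actual[name] == expected.get(name) for name in actual},
        "hashes": actual,
    }


def build_minimal_pe(machine: int = IMAGE_FILE_MACHINE_I386) -> bytes:
    """Constructed test input (not the sample): 64-byte DOS header + PE signature + COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (all zero except Machine)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample.bin>
    # With no path, the constructed stub is checked (its hashes will not match the entry).
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    result = verify_sample(data)
    for key, value in result.items():
        print(f"{key}: {value}")
    sys.exit(0 if result["size_ok"] and all(result["matches"].values()) else 1)
```

A mismatch on any one digest means the file on disk is not the object this entry describes (a re-packed copy, a truncated download, or a different sample with a colliding file name), so the script exits non-zero unless all four digests and the size agree. The imphash, ssdeep and TLSH values in the entry are deliberately left out: they need PE import parsing and the ssdeep/TLSH libraries rather than hashlib, and they are similarity hashes, not identity checks.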

Intelligence


File Origin
# of uploads: 1
# of downloads: 325
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
    Sending a UDP request
    Launching the default Windows debugger (dwwin.exe)
    Creating a window

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature:
    Antivirus / Scanner detection for submitted sample
    Machine Learning detection for sample
    Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph:

Result
Threat name: Win32.Ransomware.DarkSide
Status: Malicious
First seen: 2020-08-11 11:32:21 UTC
File Type: PE (Exe)
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of AdjustPrivilegeToken
    Suspicious use of WriteProcessMemory
    Program crash
Unpacked files:
    SHA256 hash: 1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43
    MD5 hash: 1a700f845849e573ab3148daef1a3b0b
    SHA1 hash: c91ff86a88038b00d9190ebb01e6f8c94b0c83e0

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create during analysis. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: RANSOM_darkside
Author: Marc Rivero | McAfee ATR Team
Description: Rule to detect packed and unpacked samples of DarkSide

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other

Comments