DarkSide | Threat Level: critical | Type: Ransomware

Cryptographic Identifiers

SHA2562de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5
MD59b5350ddf895a5051b90a1cc563753df
File Typeexe
Size56.0 KB
First Seen2021-05-19
File Name9b5350dd_by_Libranalysis
TagsDarkSide

Malware Family: DarkSide

DarkSide, Colonial Pipeline saldırısından sorumludur.

TypeRansomware
Programming LanguageC++
Target PlatformWindows/Linux
C2 Protocol
PurposeColonial Pipeline
First Seen Year2020

Threat Indicators (IOC)

  • SHA256: 2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5
  • MD5: 9b5350ddf895a5051b90a1cc563753df

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. Do not pay the ransom — there is no guarantee your files will be restored
  3. Quarantine the affected drives
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. Try available decryptor tools (the NoMoreRansom project)
  6. Report the incident to the authorities (cybercrime unit)
  7. Temiz bir yedekten kurtarın; yedeğiniz yoksa sürücüyü saklayın

YARA Rule Hints

rule DarkSide_SHA256 {
    meta:
        description = "DarkSide sample: 2de09a815efcc648"
        threat_level = "critical"
        first_seen = "2021-05-19"
    condition:
        hash.sha256(0, filesize) == "2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5"
}

DarkSide — Malware Profile

DarkSide, 2020-2021 aktif RaaS ailesidir. Colonial Pipeline saldırısı. Linux ESXi versiyonu. Çifte gaspatma.

Malware Type
Ransomware
Programming Language
C++
C2 Protocol
Target Systems
Windows/Linux

Capabilities & Behavior

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOC List (2 indicators)

IOC — DarkSide
# SHA256 2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5 # MD5 9b5350ddf895a5051b90a1cc563753df
TypeValueNote
sha256 2de09a815efcc64810046de69b8e0aa1c9e9beee77b66560a0b15d737485e3c5 Sample:DarkSide
md5 9b5350ddf895a5051b90a1cc563753df Sample:DarkSide
Tags
darksideransomwaremalwarecriticalsha256hash-analizi