DarkSide | Threat Level: critical | Type: Ransomware

Cryptographic Identifiers

SHA256521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef
MD5b189fad932afbd22817b65e5a9c41a4a
File Typeexe
Size54.0 KB
First Seen2021-04-30
File Nameb189fad9_by_Libranalysis
TagsDarkSide

Malware Family: DarkSide

DarkSide, Colonial Pipeline saldırısından sorumludur.

TypeRansomware
Programming LanguageC++
Target PlatformWindows/Linux
C2 Protocol
PurposeColonial Pipeline
First Seen Year2020

Threat Indicators (IOC)

  • SHA256: 521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef
  • MD5: b189fad932afbd22817b65e5a9c41a4a

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. Do not pay the ransom — there is no guarantee your files will be restored
  3. Quarantine the affected drives
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. Try available decryptor tools (the NoMoreRansom project)
  6. Report the incident to the authorities (cybercrime unit)
  7. Temiz bir yedekten kurtarın; yedeğiniz yoksa sürücüyü saklayın

YARA Rule Hints

rule DarkSide_SHA256 {
    meta:
        description = "DarkSide sample: 521c503bc3f5d8b2"
        threat_level = "critical"
        first_seen = "2021-04-30"
    condition:
        hash.sha256(0, filesize) == "521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef"
}

DarkSide — Malware Profile

DarkSide, 2020-2021 aktif RaaS ailesidir. Colonial Pipeline saldırısı. Linux ESXi versiyonu. Çifte gaspatma.

Malware Type
Ransomware
Programming Language
C++
C2 Protocol
Target Systems
Windows/Linux

Capabilities & Behavior

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOC List (2 indicators)

IOC — DarkSide
# SHA256 521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef # MD5 b189fad932afbd22817b65e5a9c41a4a
TypeValueNote
sha256 521c503bc3f5d8b2aa8819e8e30e2019e74ea9649a57529fb32c3dfc66a1e7ef Sample:DarkSide
md5 b189fad932afbd22817b65e5a9c41a4a Sample:DarkSide
Tags
darksideransomwaremalwarecriticalsha256hash-analizi