dharma | e264b1a0c00bcb0329845d7155bd540dfe3909f8bf72d2572db0f56bdcbb99ed | Triage

Submit
Reports

Overview

overview

Static

static

RapeD.exe

windows7_x64

RapeD.exe

windows10_x64

Sharing

General

Target

RapeD.exe
Size

92KB
Sample

200502-b895k7egnj
MD5

b709b29f7b84533ad0899a6fb739f0d1
SHA1

9649c54ef995f14f702191c618221331d1058c38
SHA256

e264b1a0c00bcb0329845d7155bd540dfe3909f8bf72d2572db0f56bdcbb99ed
SHA512

d45b583dd5b6fbe6b2360526e94df2d105f4019aef60f8f224a3ef462dd058e4d8de1ddbded8284e05487341760f92e9468cabc15a9d93b38b86cc89bce97fb5

Score

10^/10

dharma persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

RapeD.exe

Resource

win7v200430

ransomware dharma persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RapeD.exe

Resource

win10v200430

persistence spyware ransomware dharma

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  RapeD.exe
- Size
  
  92KB
- MD5
  
  b709b29f7b84533ad0899a6fb739f0d1
- SHA1
  
  9649c54ef995f14f702191c618221331d1058c38
- SHA256
  
  e264b1a0c00bcb0329845d7155bd540dfe3909f8bf72d2572db0f56bdcbb99ed
- SHA512
  
  d45b583dd5b6fbe6b2360526e94df2d105f4019aef60f8f224a3ef462dd058e4d8de1ddbded8284e05487341760f92e9468cabc15a9d93b38b86cc89bce97fb5
Score

10^/10

ransomware dharma persistence spyware
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwaredharmapersistencespyware

behavioral2

persistencespywareransomwaredharma

© 2018-2024

Terms | Privacy