dharma | 3ff9b0171c038ce75606e7f5916e52b752924a1d6f093b5ab50bfd2cd57c646f | Triage

Submit
Reports

Overview

overview

Static

static

ransomware

windows7_x64

Sharing

General

Target

winhost.exe
Size

92KB
Sample

200523-kg3d5f1qje
MD5

76b83b0d11d4a0fdcc27402d4a6962a4
SHA1

e8220fbddce054bfd537b622e66fe73e84a72609
SHA256

3ff9b0171c038ce75606e7f5916e52b752924a1d6f093b5ab50bfd2cd57c646f
SHA512

61147a4e923ba5cd79ba7feeb2df05cdd274d6ef72435c9a3e7e8fbd2748385caaf59747f85ad6cab608408edb034c2c009d3d63fc2748bf77d67712c8a2f09f

Score

10^/10

dharma persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

winhost.exe

Resource

win7v200430

ransomware spyware persistence dharma

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\FILES ENCRYPTED.txt

Ransom Note

all your data has been locked us You want to return? write email [email protected] or [email protected]

Emails

[email protected]

[email protected]

Targets

- Target
  
  winhost.exe
- Size
  
  92KB
- MD5
  
  76b83b0d11d4a0fdcc27402d4a6962a4
- SHA1
  
  e8220fbddce054bfd537b622e66fe73e84a72609
- SHA256
  
  3ff9b0171c038ce75606e7f5916e52b752924a1d6f093b5ab50bfd2cd57c646f
- SHA512
  
  61147a4e923ba5cd79ba7feeb2df05cdd274d6ef72435c9a3e7e8fbd2748385caaf59747f85ad6cab608408edb034c2c009d3d63fc2748bf77d67712c8a2f09f
Score

10^/10

ransomware spyware persistence dharma
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarespywarepersistencedharma

© 2018-2024

Terms | Privacy