General

  • Target

    0aaad9fd6d9de6a189e89709e052f06b

  • Size

    92KB

  • Sample

    200618-rqjvwjf4je

  • MD5

    0aaad9fd6d9de6a189e89709e052f06b

  • SHA1

    1a41edb2e59bc56ddb7a8206ac250812452421c5

  • SHA256

    4b8271802c7cfec3b5258b581f4cb871edcc0c7bfb3bb7621707bdca094049a0

  • SHA512

    fdf293692e7a8cb1aad85c383b7f1d050da20351ce5800889238208991420ef2c9e8797b2cd90e33b1e88288e29cf7578cebfb9ee7593c73699ea67327b83336

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\FILES ENCRYPTED.txt

Ransom Note
all your data has been locked us You want to return? write email [email protected]

Targets

    • Target

      0aaad9fd6d9de6a189e89709e052f06b

    • Size

      92KB

    • MD5

      0aaad9fd6d9de6a189e89709e052f06b

    • SHA1

      1a41edb2e59bc56ddb7a8206ac250812452421c5

    • SHA256

      4b8271802c7cfec3b5258b581f4cb871edcc0c7bfb3bb7621707bdca094049a0

    • SHA512

      fdf293692e7a8cb1aad85c383b7f1d050da20351ce5800889238208991420ef2c9e8797b2cd90e33b1e88288e29cf7578cebfb9ee7593c73699ea67327b83336

    • Dharma

      Dharma is a ransomware family that uses the installation of security software as cover to hide its malicious activity.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run entry to start application

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks