General
- Target: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f
- Size: 92KB
- Sample: 200911-nzhersdv9n
- MD5: 96be0f4957d5e34b1f827a0777363eba
- SHA1: a60b7b0a0a8e4011068b436a8fd297b0908448c6
- SHA256: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f
- SHA512: fa32621e646bf6541717d2689cffbd99aa832e64bfeac37ffe38f92736a9e57f8b66c1bc206a31a8895d5cf3f95ca900c11b8bce0846cda7df2b76a1c3673511
Static task: static1

Behavioral task: behavioral1
  Sample: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
  Resource: win7

Behavioral task: behavioral2
  Sample: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f.exe
  Resource: win10
Malware Config
- Extracted: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
  future911@tuta.io
- Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  future911@tuta.io
- Extracted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  future911@tuta.io
Targets
- Target: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f
- Size: 92KB
- MD5: 96be0f4957d5e34b1f827a0777363eba
- SHA1: a60b7b0a0a8e4011068b436a8fd297b0908448c6
- SHA256: 246fbca7a62d38c5c15e47bddbb92c303e2470adaf514817b43c9f274cb47e7f
- SHA512: fa32621e646bf6541717d2689cffbd99aa832e64bfeac37ffe38f92736a9e57f8b66c1bc206a31a8895d5cf3f95ca900c11b8bce0846cda7df2b76a1c3673511
- Score: 10/10
- Dharma
  Dharma is a ransomware family that uses security software installation to hide its malicious activity.
- Modifies extensions of user files
  Ransomware generally changes the extension of the files it encrypts.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service