General
Target: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.bin
Size: 92KB
Sample: 201016-a3rrg6keb6
MD5: 803d1bd11219b78507fa8ffbf3667cf8
SHA1: 0e289bd9a734bc7d7f8a6e09a39f675f5c35c94e
SHA256: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3
SHA512: 614029b79b0813a10616de97bd271a3d97313a6a6b88cd644e2451f7f75d9f6e4bdf126e49ad06ce7b7f1cbb16e14923470f8e2b19b33261fc363310e6f03105
Static task: static1
Behavioral task: behavioral1
Sample: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.bin.exe
Resource: win7
Behavioral task: behavioral2
Sample: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.bin.exe
Resource: win10
Malware Config
Extracted from: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
admin@sectex.net
admin@sectex.world
Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
admin@sectex.net
admin@sectex.world
Targets
Target: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3.bin
Size: 92KB
MD5: 803d1bd11219b78507fa8ffbf3667cf8
SHA1: 0e289bd9a734bc7d7f8a6e09a39f675f5c35c94e
SHA256: 4992506df46c0b80f4619f3cb7478346561260366422c085f18356194b6cc3e3
SHA512: 614029b79b0813a10616de97bd271a3d97313a6a6b88cd644e2451f7f75d9f6e4bdf126e49ad06ce7b7f1cbb16e14923470f8e2b19b33261fc363310e6f03105
Score: 10/10
Signatures
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service