General
Target: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.bin
Size: 92KB
Sample: 201016-fsb8snfy7s
MD5: e065bd3d92d7026c56862d11914d10d6
SHA1: addf7bb51f6bcea825be2167489f643cba88e833
SHA256: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430
SHA512: b76e456c29371e2fca3edb96332f0a5e445ad0e652a183d06b8716f1afc62ad95ce80a8d7346c2f3f2ae80b1dd41b3171515824138b667ac77b6385266162a6d
Static task: static1
Behavioral task: behavioral1
  Sample: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.bin.exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.bin.exe
  Resource: win10v200722
Malware Config
Extracted from: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
  Contact: freshkart@420blaze.it
Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  Contact: freshkart@420blaze.it
Targets
Target: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430.bin
Size: 92KB
MD5: e065bd3d92d7026c56862d11914d10d6
SHA1: addf7bb51f6bcea825be2167489f643cba88e833
SHA256: 00ce72bb6fb1d2c1d32aa4c4a147e1b9b390cf9d3ae8b5c0cab2718118db4430
SHA512: b76e456c29371e2fca3edb96332f0a5e445ad0e652a183d06b8716f1afc62ad95ce80a8d7346c2f3f2ae80b1dd41b3171515824138b667ac77b6385266162a6d
Score: 10/10
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service