General

Target: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.bin
Size: 92KB
Sample: 201016-vgj9ng26js
MD5: ae29011f8b3506e2b70b21b67b48aa76
SHA1: 3416c3dcabeab528daa4925eebec626d39a7ace5
SHA256: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be
SHA512: bb6220fda952905cf8233b0b609a8bd6adc444cf7492f3dce52661b6806345063bf591f02c9a1f0ad841395af22fc55c3eef95b93ba10a88d5751c06f9bfbba3
Static task: static1

Behavioral task: behavioral1
Sample: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.bin.exe
Resource: win7v200722

Behavioral task: behavioral2
Sample: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.bin.exe
Resource: win10v200722
Malware Config

Extracted from: C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
Contact e-mails: lpe-cve@usa.com, lpecve@cock.li

Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Contact e-mails: lpe-cve@usa.com, lpecve@cock.li

Both ransom notes carry the same two contact addresses. Info.hta sits in the all-users Startup folder, so it is launched again at every interactive logon and the note keeps reappearing until the file is removed; the Desktop text note is the copy a user sees first.
Targets

Target: 438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be.bin (92KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10

Signatures:
- Dharma: Dharma (also tracked as CrySiS) is a ransomware family; some Dharma intrusions have been reported to run a legitimate security-software installer as a decoy while the encryption runs. Both ransom notes in the Malware Config above name the same two contact addresses.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files. The new extension used by this sample is not recorded in this report.
- Drops startup file: consistent with Info.hta being written to the all-users Startup folder (see Malware Config).
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials. For a ransomware sample this is more commonly a side effect of enumerating profile directories for files to encrypt; treat it as credential theft only if network activity or other evidence shows exfiltration.
- Adds Run key to start application: a second persistence mechanism alongside the Startup-folder note. The Run key value and target are not named in this report.
- Drops desktop.ini file(s)
- Drops file in System32 directory: the file is not named in this report.
- Modifies service: the service is not named in this report.
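As an added example (not part of the sandbox report or of the sandbox tool), the following Python turns the indicators above into offline checks a responder can run against a suspect file, a recovered ransom note, or a host file listing: it hashes a file with every algorithm the report lists and compares against the report's digests, pulls contact addresses out of note text and matches them to the extracted config, matches the two ransom-note paths regardless of which user profile they appear under, and flags filenames that embed one of the report's addresses. The digests, note paths and addresses are copied from the report; the file bytes, note text and filenames below are constructed; the encrypted-filename pattern is an assumption drawn from other publicly reported Dharma samples, since this report only states that extensions are modified.

```python
"""Offline checks built from the indicators in the sandbox report above.

Added example, not part of the report or of the sandbox tool. Digests, note
paths and contact addresses are copied from the report; the sample bytes,
note text and filenames used below are constructed for illustration.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "ae29011f8b3506e2b70b21b67b48aa76",
    "sha1": "3416c3dcabeab528daa4925eebec626d39a7ace5",
    "sha256": "438af5e212ca33f9e04431dfac555945a3f0926865930f96230adb07dec0a2be",
    "sha512": "bb6220fda952905cf8233b0b609a8bd6adc444cf7492f3dce52661b6806345063bf591f02c9a1f0ad841395af22fc55c3eef95b93ba10a88d5751c06f9bfbba3",
}
# Copied from the report's Malware Config section.
CONTACT_EMAILS = {"lpe-cve@usa.com", "lpecve@cock.li"}
RANSOM_NOTE_PATHS = [
    r"C:\Users\Admin\Desktop\FILES ENCRYPTED.txt",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: Dharma-family samples are widely reported to rename encrypted
# files to <name>.<ext>.id-<8 hex>.[<contact e-mail>].<new ext>. The report
# above only says the extension is modified, so this check keys on the
# report's addresses rather than on any particular appended extension.
ENCRYPTED_NAME_RE = re.compile(
    r"\.id-[0-9A-Fa-f]{8}\.\[(?P<email>[^\]]+)\]\.[A-Za-z0-9]+$"
)


def digest_all(data: bytes) -> dict:
    """Hash the bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def matches_report(digests: dict) -> bool:
    """True only if every algorithm agrees with the report; one mismatch is a different file."""
    return all(digests.get(name) == value for name, value in REPORT_DIGESTS.items())


def note_contacts(note_text: str) -> set:
    """Addresses in a ransom note that match the report's extracted config."""
    return {m.lower() for m in EMAIL_RE.findall(note_text)} & CONTACT_EMAILS


def _generalize(path: str) -> str:
    # Lower-case, and replace the profile name so the sandbox's "Admin" path
    # also matches the same note dropped under a victim's profile.
    p = path.replace("/", "\\").lower()
    return re.sub(r"^c:\\users\\[^\\]+\\", lambda _: "c:\\users\\*\\", p)


KNOWN_NOTE_PATHS = {_generalize(p) for p in RANSOM_NOTE_PATHS}


def is_known_note_path(path: str) -> bool:
    """True if the path is one of the ransom-note locations from the report."""
    return _generalize(path) in KNOWN_NOTE_PATHS


def encrypted_by_this_actor(path: str):
    """Return the contact address embedded in a Dharma-style filename when it
    is one of the report's addresses, otherwise None."""
    m = ENCRYPTED_NAME_RE.search(PureWindowsPath(path).name)
    if m and m.group("email").lower() in CONTACT_EMAILS:
        return m.group("email").lower()
    return None


def triage_listing(paths) -> dict:
    """Classify a host file listing using the indicators above."""
    return {
        "ransom_notes": [p for p in paths if is_known_note_path(p)],
        "encrypted_files": [p for p in paths if encrypted_by_this_actor(p)],
    }


# Constructed inputs (not from the report) so the checks run offline.
SAMPLE_NOTE = (
    "Your files are encrypted.\n"
    "To get them back write to LPE-CVE@usa.com.\n"
    "If no answer in 24h use lpecve@cock.li\n"
)
SAMPLE_LISTING = [
    r"C:\Users\alice\Desktop\FILES ENCRYPTED.txt",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta",
    r"C:\Users\alice\Documents\report.docx.id-1A2B3C4D.[lpe-cve@usa.com].xyz",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    print("report hashes self-consistent:", matches_report(REPORT_DIGESTS))
    print("contacts found in note:", sorted(note_contacts(SAMPLE_NOTE)))
    print(triage_listing(SAMPLE_LISTING))
```

To check a real file, pass `open(path, "rb").read()` to `digest_all` and the result to `matches_report`; requiring all four digests to agree guards against a partial or mistyped indicator. The profile-name generalisation matters because the report's paths come from the sandbox's "Admin" account, and the same note on a victim host lands under whatever profile ran the sample.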