General
Target: 227d13f9a142cc6f050b7761e6c6e1bae712c4440730ec71c84e5acb274555e3
Size: 245KB
Sample: 201109-8klfw4zlsn
MD5: dca247cda2f20152feb8cf6b410fc093
SHA1: c7f9176ed2615364fb02d454918425814d52d4bf
SHA256: 227d13f9a142cc6f050b7761e6c6e1bae712c4440730ec71c84e5acb274555e3
SHA512: 91f2b08c409110f74c0a42f3df1f7920a539d2081704878ae573e9111b5f8cc4694611c8d541fc9f1bf913847ca94ef487f8f1333a34507bb3c3cd9fe7623760
Static task: static1
Behavioral task: behavioral1
  Sample: 227d13f9a142cc6f050b7761e6c6e1bae712c4440730ec71c84e5acb274555e3.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 227d13f9a142cc6f050b7761e6c6e1bae712c4440730ec71c84e5acb274555e3.exe
  Resource: win10v20201028
Malware Config
Extracted from: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  3441546223@qq.com
Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
  3441546223@qq.com
Targets
Score: 10/10
Dharma
Dharma is a ransomware family that uses security software installation to hide its malicious activity.
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext