General
Target: 65ac9daf3070161ac996fb8946632599547f1c9450d7dcd0f8dc1c85b4e8b3b7
Size: 243KB
Sample: 201109-frve5t3bzx
MD5: f3c11989987acee8b271f571cdc7757c
SHA1: 50a191d53bc397ce08af356a224135488ed23619
SHA256: 65ac9daf3070161ac996fb8946632599547f1c9450d7dcd0f8dc1c85b4e8b3b7
SHA512: 27e9690090d4d928140b0c6b34205371bd2c8cce8423308fff0fdbd1ebfec9b4b50538a226de73145598aa4f7d9153db67a21cebed00808466cf2a93b697a119
Static task: static1
Behavioral task: behavioral1
Sample: 65ac9daf3070161ac996fb8946632599547f1c9450d7dcd0f8dc1c85b4e8b3b7.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 65ac9daf3070161ac996fb8946632599547f1c9450d7dcd0f8dc1c85b4e8b3b7.exe
Resource: win10v20201028
Malware Config
Extracted (behavioral1): C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Extracted (behavioral2): C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Targets
Target: 65ac9daf3070161ac996fb8946632599547f1c9450d7dcd0f8dc1c85b4e8b3b7
Score: 10/10
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Modifies service
- Suspicious use of SetThreadContext