General
Target: 5584954355122176.zip
Size: 69KB
Sample: 210408-7b657dhfmn
MD5: febfe3f02ef2f6f032ed770c86a1fc16
SHA1: 395d947aee780e1f8e1a5916ca8496ead738db41
SHA256: 553cddc453d29d25725907c77345e745208156f12fe544685cec2b8d0cbb4fe2
SHA512: e354f8ca4bc8b5287c0f6013733497ccb83b14549606ca031eb7ebc6937c2468c77cf793cbed30beb00896424745adcaccbd588920ff1c3dbc1452048e553a9c

Static task: static1

Behavioral task: behavioral1
Sample: 1eca4383fb0c1d2e92b9a0ef1e939643a0fefdb37b4519e731030197c7091ff1.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 1eca4383fb0c1d2e92b9a0ef1e939643a0fefdb37b4519e731030197c7091ff1.exe
Resource: win10v20201028

Malware Config
Extracted:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
didoh@tutanota.com
enlist@criptext.com

Targets
Target: 1eca4383fb0c1d2e92b9a0ef1e939643a0fefdb37b4519e731030197c7091ff1
Size: 92KB
MD5: 627c54e435c997f228937d70fa4efabe
SHA1: de983ae81197370c1c0db019e47367ef0521163d
SHA256: 1eca4383fb0c1d2e92b9a0ef1e939643a0fefdb37b4519e731030197c7091ff1
SHA512: c827d16c316ba46e5ed73018a73dc99c2e62a0c809aeb986027444a1d5d53e4c3fcb955152debc30bc69c82621eeb6ec454d6add17e5b2875cf3d25e325f0466
Score: 10/10

- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory