General
- Target: winhost.exe
- Size: 92KB
- Sample: 210424-ey6njt2snx
- MD5: 1935185051c225c096396bffbd7b5a34
- SHA1: bc5891815b66d7adf44c9dbb56d7170d7304bdff
- SHA256: ea387065ba5b3f661d15cc0713a838c611afd1052925eb458dfcdb4ab893a1f6
- SHA512: 564ad1f26b83d76cd34cf35c0bbf988f635d89ad97f103a68bae576cd155415495ce069ef8451b04710448afb1855f7aff60cfb22b51e334b3c2426e661f193d
Static task: static1
Behavioral task: behavioral1 (Sample: winhost.exe; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: winhost.exe; Resource: win10v20210408)
Malware Config
Extracted
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
- bad_dev@tuta.io
- bad.dev@onionmail.org
Targets
- Target: winhost.exe
- Dharma
  Dharma is a ransomware family that uses security software installation to hide malicious activities.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory