dharma | 478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631 | Triage

Submit
Reports

Overview

overview

Static

static

478052e8d4...31.exe

windows7_x64

478052e8d4...31.exe

windows10_x64

Sharing

General

Target

478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631
Size

173KB
Sample

210518-ba6m63lh8x
MD5

0e3628ff2cfc0b5b457e14acc55e7fa6
SHA1

324e18c7c8776c1c9d8ec054182d98b8c8c0021e
SHA256

478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631
SHA512

7959504f076ce488559f0af15b7f4514ac25e8fcdee428870c8fbb7e3fb2ceebc042ae3668adbd14fd3204e65c61cb2298056cd43a59a8b4ac6a01070c920136

Score

10^/10

dharma persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631.exe

Resource

win7v20210408

dharma persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631.exe

Resource

win10v20210410

dharma persistence ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631
- Size
  
  173KB
- MD5
  
  0e3628ff2cfc0b5b457e14acc55e7fa6
- SHA1
  
  324e18c7c8776c1c9d8ec054182d98b8c8c0021e
- SHA256
  
  478052e8d42187e9c1d0bc38d13e140d7e92d9ab59874c44bc83e3a9ec13a631
- SHA512
  
  7959504f076ce488559f0af15b7f4514ac25e8fcdee428870c8fbb7e3fb2ceebc042ae3668adbd14fd3204e65c61cb2298056cd43a59a8b4ac6a01070c920136
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Modifies system executable filetype association
  persistence
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Deletion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

dharmapersistenceransomwarespywarestealer

behavioral2

dharmapersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy