General
- Target: program.exe
- Size: 92KB
- Sample: 210531-y6pf5rks22
- MD5: b2eff93d16267edd3817eee2a40c7eee
- SHA1: 8489a94af0c4b9a7fd53affd64a3357141995c3a
- SHA256: d13c712deac973ddd3666c02b76e8c0f2f5a4291078b579e231cdb8f5554efb2
- SHA512: 8abc98b506e977cd7958ccedefdc783be016ef3482ada047584fa8edb73ac5cff87a46c644fbb9b10c2b790399b51a6768db4762f9e5069ca04182473fbc4a2d
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: program.exe; resource: win7v20210410)
- Behavioral task: behavioral2 (sample: program.exe; resource: win10v20210408)
Malware Config
- Extracted from: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
- Contact e-mail addresses found in the ransom note: rdphack@onionmail.org, freelurk@aol.com
Targets
- Target: program.exe (size and hashes as listed under General)
Signatures
- Dharma: Dharma is a ransomware that uses security software installation to hide malicious activities.
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory