General
-
Target
315fbebc706c3445ab51140be348c51761a3556f5c473b92f03c135fa82e070a.sample
-
Size
95KB
-
Sample
210726-c6w5m2b7v6
-
MD5
3eaef97bb8b68a705c550461b05ffb8b
-
SHA1
68e987e807aff31277b178c202cce71df30143e3
-
SHA256
315fbebc706c3445ab51140be348c51761a3556f5c473b92f03c135fa82e070a
-
SHA512
f2575079c6f9402314a854222ca994b7769d87a7df8e21a653bfeb8e99dd4f5faf7ed072e863c9cf7bb63511e9fba1977fddc44ad3fee013b8a0d02358a7076c
Static task
static1
Behavioral task
behavioral1
Sample
315fbebc706c3445ab51140be348c51761a3556f5c473b92f03c135fa82e070a.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
315fbebc706c3445ab51140be348c51761a3556f5c473b92f03c135fa82e070a.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
bitpandacom@qq.com
Targets
Target
315fbebc706c3445ab51140be348c51761a3556f5c473b92f03c135fa82e070a.sample
Score 10/10
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-