General
-
Target
1.exe
-
Size
92KB
-
Sample
220118-qarsbsbcb4
-
MD5
cc1ef1b52de2bd60cc72c49f425fe87a
-
SHA1
479bfbf3b2a8f35a647cf7bd8060f3d917c5cb1e
-
SHA256
7b9e8b0857e29bf1e1726c227a0648f77b3790f8cca973af3e720b44566f10aa
-
SHA512
8f1e4897fd07c9716216dd41cbc43365ef3370ccf597ea3e6599a9341be0f0572c21d68d29b42814c1444ccfbe908e486bf52e112cdbca4ad08d9c7ab9864c43
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
Targets
-
-
Target
1.exe
-
Size
92KB
-
MD5
cc1ef1b52de2bd60cc72c49f425fe87a
-
SHA1
479bfbf3b2a8f35a647cf7bd8060f3d917c5cb1e
-
SHA256
7b9e8b0857e29bf1e1726c227a0648f77b3790f8cca973af3e720b44566f10aa
-
SHA512
8f1e4897fd07c9716216dd41cbc43365ef3370ccf597ea3e6599a9341be0f0572c21d68d29b42814c1444ccfbe908e486bf52e112cdbca4ad08d9c7ab9864c43
Score10/10-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-