General

  • Target

    4ae809a33d01626e77dcfd591902815692405d2fa1f6ae7df13ca248507e4562

  • Size

    92KB

  • Sample

    220201-hw2wesaefj

  • MD5

    f17b2ef7612dea0104c57192ee6c427d

  • SHA1

    69ffe8f7ca565b6c07462d3c7c0eef2dd4a87f01

  • SHA256

    4ae809a33d01626e77dcfd591902815692405d2fa1f6ae7df13ca248507e4562

  • SHA512

    9879ae4582e1ccd49383abed3e7802a076d48c12fc404d0912d5a1b338c761463959d5472b7648fdee1ad6435a2944f1abfbf9c0c1a5c1b4a1c22e3c8fb8a7f2

Malware Config

Targets

    • Dharma

      Dharma is a ransomware family that uses security software installation to hide its malicious activity.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
