dharma

General

Target

40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05
Size

92KB
Sample

220305-s1396agfa8
MD5

2db20e2fcd86d00388915088b18f99f2
SHA1

3a321bf3980d08fe5754548f5aba7f1bdc967f10
SHA256

40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05
SHA512

b9c179e2b5b82fa59018194e8ee8bb927dfd545c72772de6c98621a071650efa345e9bee0282caac95ccccce1371e440295f61a981d447d5ef699fd81e3d1450

Score

10^/10

Malware Config

Extracted

Path

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta

Ransom Note

YOUR FILES ARE ENCRYPTED Don't worry,you can return all your files! If you want to restore them, follow this link: email [email protected] YOUR ID If you have not been answered via the link within 12 hours, write to us by e-mail: [email protected] Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emails

[email protected]

Targets

- Target
  
  40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05
- Size
  
  92KB
- MD5
  
  2db20e2fcd86d00388915088b18f99f2
- SHA1
  
  3a321bf3980d08fe5754548f5aba7f1bdc967f10
- SHA256
  
  40a837f93edb2531fe35733d725efb490c7b5199d031a6e087b5041aed6eea05
- SHA512
  
  b9c179e2b5b82fa59018194e8ee8bb927dfd545c72772de6c98621a071650efa345e9bee0282caac95ccccce1371e440295f61a981d447d5ef699fd81e3d1450
Score

10^/10

dharma persistence ransomware spyware stealer
- Dharma
  Dharma is a ransomware that uses security software installation to hide malicious activities.
  ransomware dharma
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2